Reference documentation and code samples for the Network Security V1 API class Google::Cloud::NetworkSecurity::V1::ServerTlsPolicy.
ServerTlsPolicy is a resource that specifies how a server should authenticate incoming requests. This resource itself does not affect configuration unless it is attached to a target HTTPS proxy or endpoint config selector resource.
ServerTlsPolicy in the form accepted by Application Load Balancers can
be attached only to TargetHttpsProxy with an EXTERNAL, EXTERNAL_MANAGED
or INTERNAL_MANAGED load balancing scheme. Traffic Director compatible
ServerTlsPolicies can be attached to EndpointPolicy and TargetHttpsProxy with
Traffic Director INTERNAL_SELF_MANAGED load balancing scheme.
Inherits
- Object
Extended By
- Google::Protobuf::MessageExts::ClassMethods
Includes
- Google::Protobuf::MessageExts
Methods
#allow_open
def allow_open() -> ::Boolean-
(::Boolean) — This field applies only for Traffic Director policies. It is must be set to
false for Application Load Balancer policies.
Determines if server allows plaintext connections. If set to true, server allows plain text connections. By default, it is set to false. This setting is not exclusive of other encryption modes. For example, if
allow_openandmtls_policyare set, server allows both plain text and mTLS connections. See documentation of other encryption modes to confirm compatibility.Consider using it if you wish to upgrade in place your deployment to TLS while having mixed TLS and non-TLS traffic reaching port :80.
#allow_open=
def allow_open=(value) -> ::Boolean-
value (::Boolean) — This field applies only for Traffic Director policies. It is must be set to
false for Application Load Balancer policies.
Determines if server allows plaintext connections. If set to true, server allows plain text connections. By default, it is set to false. This setting is not exclusive of other encryption modes. For example, if
allow_openandmtls_policyare set, server allows both plain text and mTLS connections. See documentation of other encryption modes to confirm compatibility.Consider using it if you wish to upgrade in place your deployment to TLS while having mixed TLS and non-TLS traffic reaching port :80.
-
(::Boolean) — This field applies only for Traffic Director policies. It is must be set to
false for Application Load Balancer policies.
Determines if server allows plaintext connections. If set to true, server allows plain text connections. By default, it is set to false. This setting is not exclusive of other encryption modes. For example, if
allow_openandmtls_policyare set, server allows both plain text and mTLS connections. See documentation of other encryption modes to confirm compatibility.Consider using it if you wish to upgrade in place your deployment to TLS while having mixed TLS and non-TLS traffic reaching port :80.
#create_time
def create_time() -> ::Google::Protobuf::Timestamp- (::Google::Protobuf::Timestamp) — Output only. The timestamp when the resource was created.
#description
def description() -> ::String- (::String) — Free-text description of the resource.
#description=
def description=(value) -> ::String- value (::String) — Free-text description of the resource.
- (::String) — Free-text description of the resource.
#labels
def labels() -> ::Google::Protobuf::Map{::String => ::String}- (::Google::Protobuf::Map{::String => ::String}) — Set of label tags associated with the resource.
#labels=
def labels=(value) -> ::Google::Protobuf::Map{::String => ::String}- value (::Google::Protobuf::Map{::String => ::String}) — Set of label tags associated with the resource.
- (::Google::Protobuf::Map{::String => ::String}) — Set of label tags associated with the resource.
#mtls_policy
def mtls_policy() -> ::Google::Cloud::NetworkSecurity::V1::ServerTlsPolicy::MTLSPolicy-
(::Google::Cloud::NetworkSecurity::V1::ServerTlsPolicy::MTLSPolicy) — This field is required if the policy is used with Application Load
Balancers. This field can be empty for Traffic Director.
Defines a mechanism to provision peer validation certificates for peer to peer authentication (Mutual TLS - mTLS). If not specified, client certificate will not be requested. The connection is treated as TLS and not mTLS. If
allow_openandmtls_policyare set, server allows both plain text and mTLS connections.
#mtls_policy=
def mtls_policy=(value) -> ::Google::Cloud::NetworkSecurity::V1::ServerTlsPolicy::MTLSPolicy-
value (::Google::Cloud::NetworkSecurity::V1::ServerTlsPolicy::MTLSPolicy) — This field is required if the policy is used with Application Load
Balancers. This field can be empty for Traffic Director.
Defines a mechanism to provision peer validation certificates for peer to peer authentication (Mutual TLS - mTLS). If not specified, client certificate will not be requested. The connection is treated as TLS and not mTLS. If
allow_openandmtls_policyare set, server allows both plain text and mTLS connections.
-
(::Google::Cloud::NetworkSecurity::V1::ServerTlsPolicy::MTLSPolicy) — This field is required if the policy is used with Application Load
Balancers. This field can be empty for Traffic Director.
Defines a mechanism to provision peer validation certificates for peer to peer authentication (Mutual TLS - mTLS). If not specified, client certificate will not be requested. The connection is treated as TLS and not mTLS. If
allow_openandmtls_policyare set, server allows both plain text and mTLS connections.
#name
def name() -> ::String-
(::String) — Required. Name of the ServerTlsPolicy resource. It matches the pattern
projects/*/locations/{location}/serverTlsPolicies/{server_tls_policy}
#name=
def name=(value) -> ::String-
value (::String) — Required. Name of the ServerTlsPolicy resource. It matches the pattern
projects/*/locations/{location}/serverTlsPolicies/{server_tls_policy}
-
(::String) — Required. Name of the ServerTlsPolicy resource. It matches the pattern
projects/*/locations/{location}/serverTlsPolicies/{server_tls_policy}
#server_certificate
def server_certificate() -> ::Google::Cloud::NetworkSecurity::V1::CertificateProvider-
(::Google::Cloud::NetworkSecurity::V1::CertificateProvider) — Optional if policy is to be used with Traffic Director. For Application
Load Balancers must be empty.
Defines a mechanism to provision server identity (public and private keys). Cannot be combined with
allow_openas a permissive mode that allows both plain text and TLS is not supported.
#server_certificate=
def server_certificate=(value) -> ::Google::Cloud::NetworkSecurity::V1::CertificateProvider-
value (::Google::Cloud::NetworkSecurity::V1::CertificateProvider) — Optional if policy is to be used with Traffic Director. For Application
Load Balancers must be empty.
Defines a mechanism to provision server identity (public and private keys). Cannot be combined with
allow_openas a permissive mode that allows both plain text and TLS is not supported.
-
(::Google::Cloud::NetworkSecurity::V1::CertificateProvider) — Optional if policy is to be used with Traffic Director. For Application
Load Balancers must be empty.
Defines a mechanism to provision server identity (public and private keys). Cannot be combined with
allow_openas a permissive mode that allows both plain text and TLS is not supported.
#update_time
def update_time() -> ::Google::Protobuf::Timestamp- (::Google::Protobuf::Timestamp) — Output only. The timestamp when the resource was updated.