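// Copyright 2022 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

syntax = "proto3";

package google.cloud.networksecurity.v1;

import "google/api/field_behavior.proto";
import "google/api/resource.proto";
import "google/cloud/networksecurity/v1/tls.proto";
import "google/protobuf/field_mask.proto";
import "google/protobuf/timestamp.proto";

option csharp_namespace = "Google.Cloud.NetworkSecurity.V1";
option go_package = "cloud.google.com/go/networksecurity/apiv1/networksecuritypb;networksecuritypb";
option java_multiple_files = true;
option java_outer_classname = "ClientTlsPolicyProto";
option java_package = "com.google.cloud.networksecurity.v1";
option php_namespace = "Google\\Cloud\\NetworkSecurity\\V1";
option ruby_package = "Google::Cloud::NetworkSecurity::V1";

// ClientTlsPolicy is a resource that specifies how a client should authenticate
// connections to backends of a service. This resource itself does not affect
// configuration unless it is attached to a backend service resource.
//
// Security summary of the two trust-related fields:
//   * `client_certificate` set       -> the client presents an identity (mTLS).
//   * `server_validation_ca` empty   -> the client does NOT validate the
//     server certificate, so the backend is not authenticated.
message ClientTlsPolicy {
  option (google.api.resource) = {
    type: "networksecurity.googleapis.com/ClientTlsPolicy"
    pattern: "projects/{project}/locations/{location}/clientTlsPolicies/{client_tls_policy}"
  };

  // Required. Name of the ClientTlsPolicy resource. It matches the pattern
  // `projects/*/locations/{location}/clientTlsPolicies/{client_tls_policy}`.
  string name = 1 [(google.api.field_behavior) = REQUIRED];

  // Optional. Free-text description of the resource.
  string description = 2 [(google.api.field_behavior) = OPTIONAL];

  // Output only. The timestamp when the resource was created.
  google.protobuf.Timestamp create_time = 3
      [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. The timestamp when the resource was updated.
  google.protobuf.Timestamp update_time = 4
      [(google.api.field_behavior) = OUTPUT_ONLY];

  // Optional. Set of label tags associated with the resource.
  map<string, string> labels = 5 [(google.api.field_behavior) = OPTIONAL];

  // Optional. Server Name Indication string to present to the server during
  // the TLS handshake. E.g. "secure.example.com".
  string sni = 6 [(google.api.field_behavior) = OPTIONAL];

  // Optional. Defines a mechanism to provision the client identity (public and
  // private keys) for peer-to-peer authentication. The presence of this field
  // dictates mTLS.
  CertificateProvider client_certificate = 7
      [(google.api.field_behavior) = OPTIONAL];

  // Optional. Defines the mechanism to obtain the Certificate Authority
  // certificate used to validate the server certificate. If empty, the client
  // does not validate the server certificate.
  //
  // Security note: with this field empty the connection may still be
  // encrypted, but the server is unauthenticated, so the policy gives no
  // protection against a party impersonating the backend. Reviewers should
  // treat an empty list as a deliberate exception rather than a default.
  repeated ValidationCA server_validation_ca = 8
      [(google.api.field_behavior) = OPTIONAL];
}

// Request used by the ListClientTlsPolicies method.
message ListClientTlsPoliciesRequest {
  // Required. The project and location from which the ClientTlsPolicies should
  // be listed, specified in the format `projects/*/locations/{location}`.
  string parent = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "locations.googleapis.com/Location"
    }
  ];

  // Maximum number of ClientTlsPolicies to return per call.
  int32 page_size = 2;

  // The value returned by the last `ListClientTlsPoliciesResponse`.
  // Indicates that this is a continuation of a prior
  // `ListClientTlsPolicies` call, and that the system
  // should return the next page of data.
  string page_token = 3;
}

// Response returned by the ListClientTlsPolicies method.
message ListClientTlsPoliciesResponse {
  // List of ClientTlsPolicy resources.
  repeated ClientTlsPolicy client_tls_policies = 1;

  // If there might be more results than those appearing in this response, then
  // `next_page_token` is included. To get the next set of results, call this
  // method again using the value of `next_page_token` as `page_token`.
  string next_page_token = 2;
}

// Request used by the GetClientTlsPolicy method.
message GetClientTlsPolicyRequest {
  // Required. A name of the ClientTlsPolicy to get. Must be in the format
  // `projects/*/locations/{location}/clientTlsPolicies/*`.
  string name = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "networksecurity.googleapis.com/ClientTlsPolicy"
    }
  ];
}

// Request used by the CreateClientTlsPolicy method.
message CreateClientTlsPolicyRequest {
  // Required. The parent resource of the ClientTlsPolicy. Must be in
  // the format `projects/*/locations/{location}`.
  string parent = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      child_type: "networksecurity.googleapis.com/ClientTlsPolicy"
    }
  ];

  // Required. Short name of the ClientTlsPolicy resource to be created. This
  // value should be 1-63 characters long, containing only letters, numbers,
  // hyphens, and underscores, and should not start with a number.
  // E.g. "client_mtls_policy".
  string client_tls_policy_id = 2 [(google.api.field_behavior) = REQUIRED];

  // Required. ClientTlsPolicy resource to be created.
  ClientTlsPolicy client_tls_policy = 3
      [(google.api.field_behavior) = REQUIRED];
}

// Request used by the UpdateClientTlsPolicy method.
message UpdateClientTlsPolicyRequest {
  // Optional. Field mask is used to specify the fields to be overwritten in the
  // ClientTlsPolicy resource by the update. The fields
  // specified in the update_mask are relative to the resource, not
  // the full request. A field will be overwritten if it is in the
  // mask. If the user does not provide a mask then all fields will be
  // overwritten.
  //
  // Security note: because a missing mask overwrites every field, an update
  // that omits `server_validation_ca` from `client_tls_policy` and sends no
  // mask would leave that list empty, which (per ClientTlsPolicy) means the
  // server certificate is no longer validated. Callers changing a single
  // field should send an explicit mask naming only that field.
  google.protobuf.FieldMask update_mask = 1
      [(google.api.field_behavior) = OPTIONAL];

  // Required. Updated ClientTlsPolicy resource.
  ClientTlsPolicy client_tls_policy = 2
      [(google.api.field_behavior) = REQUIRED];
}

// Request used by the DeleteClientTlsPolicy method.
message DeleteClientTlsPolicyRequest {
  // Required. A name of the ClientTlsPolicy to delete. Must be in
  // the format `projects/*/locations/{location}/clientTlsPolicies/*`.
  string name = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "networksecurity.googleapis.com/ClientTlsPolicy"
    }
  ];
}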