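// Copyright 2021 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

syntax = "proto3";

package google.cloud.networksecurity.v1beta1;

import "google/api/field_behavior.proto";
import "google/api/resource.proto";
import "google/cloud/networksecurity/v1beta1/tls.proto";
import "google/protobuf/field_mask.proto";
import "google/protobuf/timestamp.proto";

option csharp_namespace = "Google.Cloud.NetworkSecurity.V1Beta1";
option go_package = "cloud.google.com/go/networksecurity/apiv1beta1/networksecuritypb;networksecuritypb";
option java_multiple_files = true;
option java_outer_classname = "ClientTlsPolicyProto";
option java_package = "com.google.cloud.networksecurity.v1beta1";
option php_namespace = "Google\\Cloud\\NetworkSecurity\\V1beta1";
option ruby_package = "Google::Cloud::NetworkSecurity::V1beta1";

// ClientTlsPolicy is a resource that specifies how a client should authenticate
// connections to backends of a service. This resource itself does not affect
// configuration unless it is attached to a backend service resource.
message ClientTlsPolicy {
  option (google.api.resource) = {
    type: "networksecurity.googleapis.com/ClientTlsPolicy"
    pattern: "projects/{project}/locations/{location}/clientTlsPolicies/{client_tls_policy}"
  };

  // Required. Name of the ClientTlsPolicy resource. It matches the pattern
  // `projects/*/locations/{location}/clientTlsPolicies/{client_tls_policy}`.
  string name = 1 [(google.api.field_behavior) = REQUIRED];

  // Optional. Free-text description of the resource.
  string description = 2 [(google.api.field_behavior) = OPTIONAL];

  // Output only. The timestamp when the resource was created.
  google.protobuf.Timestamp create_time = 3
      [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. The timestamp when the resource was updated.
  google.protobuf.Timestamp update_time = 4
      [(google.api.field_behavior) = OUTPUT_ONLY];

  // Optional. Set of label tags associated with the resource.
  map<string, string> labels = 5 [(google.api.field_behavior) = OPTIONAL];

  // Optional. Server Name Indication string to present to the server during
  // the TLS handshake. E.g.: "secure.example.com".
  string sni = 6 [(google.api.field_behavior) = OPTIONAL];

  // Optional. Defines a mechanism to provision client identity (public and
  // private keys) for peer-to-peer authentication. The presence of this
  // field dictates mTLS.
  CertificateProvider client_certificate = 7
      [(google.api.field_behavior) = OPTIONAL];

  // Optional. Defines the mechanism to obtain the Certificate Authority
  // certificate to validate the server certificate. If empty, client does not
  // validate the server certificate.
  //
  // Security note: with no validation CA configured, the client has no way
  // to authenticate the backend it connects to, which leaves the connection
  // open to server impersonation. Leave this field empty only when server
  // identity is established by some other means, and treat an empty value
  // as something to flag when auditing policies.
  repeated ValidationCA server_validation_ca = 8
      [(google.api.field_behavior) = OPTIONAL];
}

// Request used by the ListClientTlsPolicies method.
message ListClientTlsPoliciesRequest {
  // Required. The project and location from which the ClientTlsPolicies should
  // be listed, specified in the format `projects/*/locations/{location}`.
  string parent = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "locations.googleapis.com/Location"
    }
  ];

  // Maximum number of ClientTlsPolicies to return per call.
  int32 page_size = 2;

  // The value returned by the last `ListClientTlsPoliciesResponse`.
  // Indicates that this is a continuation of a prior
  // `ListClientTlsPolicies` call, and that the system
  // should return the next page of data.
  string page_token = 3;
}

// Response returned by the ListClientTlsPolicies method.
message ListClientTlsPoliciesResponse {
  // List of ClientTlsPolicy resources.
  repeated ClientTlsPolicy client_tls_policies = 1;

  // If there might be more results than those appearing in this response, then
  // `next_page_token` is included. To get the next set of results, call this
  // method again using the value of `next_page_token` as `page_token`.
  string next_page_token = 2;
}

// Request used by the GetClientTlsPolicy method.
message GetClientTlsPolicyRequest {
  // Required. A name of the ClientTlsPolicy to get. Must be in the format
  // `projects/*/locations/{location}/clientTlsPolicies/*`.
  string name = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "networksecurity.googleapis.com/ClientTlsPolicy"
    }
  ];
}

// Request used by the CreateClientTlsPolicy method.
message CreateClientTlsPolicyRequest {
  // Required. The parent resource of the ClientTlsPolicy. Must be in
  // the format `projects/*/locations/{location}`.
  string parent = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      child_type: "networksecurity.googleapis.com/ClientTlsPolicy"
    }
  ];

  // Required. Short name of the ClientTlsPolicy resource to be created. This
  // value should be 1-63 characters long, containing only letters, numbers,
  // hyphens, and underscores, and should not start with a number. E.g.
  // "client_mtls_policy".
  string client_tls_policy_id = 2 [(google.api.field_behavior) = REQUIRED];

  // Required. ClientTlsPolicy resource to be created.
  ClientTlsPolicy client_tls_policy = 3
      [(google.api.field_behavior) = REQUIRED];
}

// Request used by UpdateClientTlsPolicy method.
message UpdateClientTlsPolicyRequest {
  // Optional. Field mask is used to specify the fields to be overwritten in the
  // ClientTlsPolicy resource by the update. The fields
  // specified in the update_mask are relative to the resource, not
  // the full request. A field will be overwritten if it is in the
  // mask. If the user does not provide a mask then all fields will be
  // overwritten.
  //
  // Security note: by the semantics described above, an update sent without
  // a mask overwrites `server_validation_ca` and `client_certificate` along
  // with everything else. If the supplied resource leaves
  // `server_validation_ca` empty, the stored policy would stop validating
  // the server certificate. Prefer an explicit mask that names only the
  // fields being changed.
  google.protobuf.FieldMask update_mask = 1
      [(google.api.field_behavior) = OPTIONAL];

  // Required. Updated ClientTlsPolicy resource.
  ClientTlsPolicy client_tls_policy = 2
      [(google.api.field_behavior) = REQUIRED];
}

// Request used by the DeleteClientTlsPolicy method.
message DeleteClientTlsPolicyRequest {
  // Required. A name of the ClientTlsPolicy to delete. Must be in
  // the format `projects/*/locations/{location}/clientTlsPolicies/*`.
  string name = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "networksecurity.googleapis.com/ClientTlsPolicy"
    }
  ];
}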