• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1// Copyright 2021 Google LLC
2//
3// Licensed under the Apache License, Version 2.0 (the "License");
4// you may not use this file except in compliance with the License.
5// You may obtain a copy of the License at
6//
7//     http://www.apache.org/licenses/LICENSE-2.0
8//
9// Unless required by applicable law or agreed to in writing, software
10// distributed under the License is distributed on an "AS IS" BASIS,
11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12// See the License for the specific language governing permissions and
13// limitations under the License.
14
15syntax = "proto3";
16
17package google.cloud.networksecurity.v1beta1;
18
19import "google/api/field_behavior.proto";
20import "google/api/resource.proto";
21import "google/cloud/networksecurity/v1beta1/tls.proto";
22import "google/protobuf/field_mask.proto";
23import "google/protobuf/timestamp.proto";
24
25option csharp_namespace = "Google.Cloud.NetworkSecurity.V1Beta1";
26option go_package = "cloud.google.com/go/networksecurity/apiv1beta1/networksecuritypb;networksecuritypb";
27option java_multiple_files = true;
28option java_outer_classname = "ClientTlsPolicyProto";
29option java_package = "com.google.cloud.networksecurity.v1beta1";
30option php_namespace = "Google\\Cloud\\NetworkSecurity\\V1beta1";
31option ruby_package = "Google::Cloud::NetworkSecurity::V1beta1";
32
33// ClientTlsPolicy is a resource that specifies how a client should authenticate
34// connections to backends of a service. This resource itself does not affect
35// configuration unless it is attached to a backend service resource.
36message ClientTlsPolicy {
37  option (google.api.resource) = {
38    type: "networksecurity.googleapis.com/ClientTlsPolicy"
39    pattern: "projects/{project}/locations/{location}/clientTlsPolicies/{client_tls_policy}"
40  };
41
42  // Required. Name of the ClientTlsPolicy resource. It matches the pattern
43  // `projects/*/locations/{location}/clientTlsPolicies/{client_tls_policy}`
44  string name = 1 [(google.api.field_behavior) = REQUIRED];
45
46  // Optional. Free-text description of the resource.
47  string description = 2 [(google.api.field_behavior) = OPTIONAL];
48
49  // Output only. The timestamp when the resource was created.
50  google.protobuf.Timestamp create_time = 3
51      [(google.api.field_behavior) = OUTPUT_ONLY];
52
53  // Output only. The timestamp when the resource was updated.
54  google.protobuf.Timestamp update_time = 4
55      [(google.api.field_behavior) = OUTPUT_ONLY];
56
57  // Optional. Set of label tags associated with the resource.
58  map<string, string> labels = 5 [(google.api.field_behavior) = OPTIONAL];
59
60  // Optional. Server Name Indication string to present to the server during TLS
61  // handshake. E.g: "secure.example.com".
62  string sni = 6 [(google.api.field_behavior) = OPTIONAL];
63
64  // Optional. Defines a mechanism to provision client identity (public and
65  // private keys) for peer to peer authentication. The presence of this
66  // dictates mTLS.
67  CertificateProvider client_certificate = 7
68      [(google.api.field_behavior) = OPTIONAL];
69
70  // Optional. Defines the mechanism to obtain the Certificate Authority
71  // certificate to validate the server certificate. If empty, client does not
72  // validate the server certificate.
73  repeated ValidationCA server_validation_ca = 8
74      [(google.api.field_behavior) = OPTIONAL];
75}
76
77// Request used by the ListClientTlsPolicies method.
78message ListClientTlsPoliciesRequest {
79  // Required. The project and location from which the ClientTlsPolicies should
80  // be listed, specified in the format `projects/*/locations/{location}`.
81  string parent = 1 [
82    (google.api.field_behavior) = REQUIRED,
83    (google.api.resource_reference) = {
84      type: "locations.googleapis.com/Location"
85    }
86  ];
87
88  // Maximum number of ClientTlsPolicies to return per call.
89  int32 page_size = 2;
90
91  // The value returned by the last `ListClientTlsPoliciesResponse`
92  // Indicates that this is a continuation of a prior
93  // `ListClientTlsPolicies` call, and that the system
94  // should return the next page of data.
95  string page_token = 3;
96}
97
98// Response returned by the ListClientTlsPolicies method.
99message ListClientTlsPoliciesResponse {
100  // List of ClientTlsPolicy resources.
101  repeated ClientTlsPolicy client_tls_policies = 1;
102
103  // If there might be more results than those appearing in this response, then
104  // `next_page_token` is included. To get the next set of results, call this
105  // method again using the value of `next_page_token` as `page_token`.
106  string next_page_token = 2;
107}
108
109// Request used by the GetClientTlsPolicy method.
110message GetClientTlsPolicyRequest {
111  // Required. A name of the ClientTlsPolicy to get. Must be in the format
112  // `projects/*/locations/{location}/clientTlsPolicies/*`.
113  string name = 1 [
114    (google.api.field_behavior) = REQUIRED,
115    (google.api.resource_reference) = {
116      type: "networksecurity.googleapis.com/ClientTlsPolicy"
117    }
118  ];
119}
120
121// Request used by the CreateClientTlsPolicy method.
122message CreateClientTlsPolicyRequest {
123  // Required. The parent resource of the ClientTlsPolicy. Must be in
124  // the format `projects/*/locations/{location}`.
125  string parent = 1 [
126    (google.api.field_behavior) = REQUIRED,
127    (google.api.resource_reference) = {
128      child_type: "networksecurity.googleapis.com/ClientTlsPolicy"
129    }
130  ];
131
132  // Required. Short name of the ClientTlsPolicy resource to be created. This
133  // value should be 1-63 characters long, containing only letters, numbers,
134  // hyphens, and underscores, and should not start with a number. E.g.
135  // "client_mtls_policy".
136  string client_tls_policy_id = 2 [(google.api.field_behavior) = REQUIRED];
137
138  // Required. ClientTlsPolicy resource to be created.
139  ClientTlsPolicy client_tls_policy = 3
140      [(google.api.field_behavior) = REQUIRED];
141}
142
143// Request used by UpdateClientTlsPolicy method.
144message UpdateClientTlsPolicyRequest {
145  // Optional. Field mask is used to specify the fields to be overwritten in the
146  // ClientTlsPolicy resource by the update.  The fields
147  // specified in the update_mask are relative to the resource, not
148  // the full request. A field will be overwritten if it is in the
149  // mask. If the user does not provide a mask then all fields will be
150  // overwritten.
151  google.protobuf.FieldMask update_mask = 1
152      [(google.api.field_behavior) = OPTIONAL];
153
154  // Required. Updated ClientTlsPolicy resource.
155  ClientTlsPolicy client_tls_policy = 2
156      [(google.api.field_behavior) = REQUIRED];
157}
158
159// Request used by the DeleteClientTlsPolicy method.
160message DeleteClientTlsPolicyRequest {
161  // Required. A name of the ClientTlsPolicy to delete. Must be in
162  // the format `projects/*/locations/{location}/clientTlsPolicies/*`.
163  string name = 1 [
164    (google.api.field_behavior) = REQUIRED,
165    (google.api.resource_reference) = {
166      type: "networksecurity.googleapis.com/ClientTlsPolicy"
167    }
168  ];
169}
170