1// Copyright 2021 Google LLC 2// 3// Licensed under the Apache License, Version 2.0 (the "License"); 4// you may not use this file except in compliance with the License. 5// You may obtain a copy of the License at 6// 7// http://www.apache.org/licenses/LICENSE-2.0 8// 9// Unless required by applicable law or agreed to in writing, software 10// distributed under the License is distributed on an "AS IS" BASIS, 11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12// See the License for the specific language governing permissions and 13// limitations under the License. 14 15syntax = "proto3"; 16 17package google.cloud.networksecurity.v1beta1; 18 19import "google/api/field_behavior.proto"; 20import "google/api/resource.proto"; 21import "google/cloud/networksecurity/v1beta1/tls.proto"; 22import "google/protobuf/field_mask.proto"; 23import "google/protobuf/timestamp.proto"; 24 25option csharp_namespace = "Google.Cloud.NetworkSecurity.V1Beta1"; 26option go_package = "cloud.google.com/go/networksecurity/apiv1beta1/networksecuritypb;networksecuritypb"; 27option java_multiple_files = true; 28option java_outer_classname = "ServerTlsPolicyProto"; 29option java_package = "com.google.cloud.networksecurity.v1beta1"; 30option php_namespace = "Google\\Cloud\\NetworkSecurity\\V1beta1"; 31option ruby_package = "Google::Cloud::NetworkSecurity::V1beta1"; 32 33// ServerTlsPolicy is a resource that specifies how a server should authenticate 34// incoming requests. This resource itself does not affect configuration unless 35// it is attached to a target https proxy or endpoint config selector resource. 36message ServerTlsPolicy { 37 option (google.api.resource) = { 38 type: "networksecurity.googleapis.com/ServerTlsPolicy" 39 pattern: "projects/{project}/locations/{location}/serverTlsPolicies/{server_tls_policy}" 40 }; 41 42 // Specification of the MTLSPolicy. 43 message MTLSPolicy { 44 // 45 // Defines the mechanism to obtain the Certificate Authority certificate to 46 // validate the client certificate. 47 repeated ValidationCA client_validation_ca = 1; 48 } 49 50 // Required. Name of the ServerTlsPolicy resource. It matches the pattern 51 // `projects/*/locations/{location}/serverTlsPolicies/{server_tls_policy}` 52 string name = 1 [(google.api.field_behavior) = REQUIRED]; 53 54 // Free-text description of the resource. 55 string description = 2; 56 57 // Output only. The timestamp when the resource was created. 58 google.protobuf.Timestamp create_time = 3 59 [(google.api.field_behavior) = OUTPUT_ONLY]; 60 61 // Output only. The timestamp when the resource was updated. 62 google.protobuf.Timestamp update_time = 4 63 [(google.api.field_behavior) = OUTPUT_ONLY]; 64 65 // Set of label tags associated with the resource. 66 map<string, string> labels = 5; 67 68 // 69 // Determines if server allows plaintext connections. If set to true, server 70 // allows plain text connections. By default, it is set to false. This setting 71 // is not exclusive of other encryption modes. For example, if `allow_open` 72 // and `mtls_policy` are set, server allows both plain text and mTLS 73 // connections. See documentation of other encryption modes to confirm 74 // compatibility. 75 // 76 // Consider using it if you wish to upgrade in place your deployment to TLS 77 // while having mixed TLS and non-TLS traffic reaching port :80. 78 bool allow_open = 6; 79 80 // 81 // Defines a mechanism to provision server identity (public and private keys). 82 // Cannot be combined with `allow_open` as a permissive mode that allows both 83 // plain text and TLS is not supported. 84 CertificateProvider server_certificate = 7; 85 86 // 87 // Defines a mechanism to provision peer validation certificates for peer to 88 // peer authentication (Mutual TLS - mTLS). If not specified, client 89 // certificate will not be requested. The connection is treated as TLS and not 90 // mTLS. If `allow_open` and `mtls_policy` are set, server allows both plain 91 // text and mTLS connections. 92 MTLSPolicy mtls_policy = 8; 93} 94 95// Request used by the ListServerTlsPolicies method. 96message ListServerTlsPoliciesRequest { 97 // Required. The project and location from which the ServerTlsPolicies should 98 // be listed, specified in the format `projects/*/locations/{location}`. 99 string parent = 1 [ 100 (google.api.field_behavior) = REQUIRED, 101 (google.api.resource_reference) = { 102 type: "locations.googleapis.com/Location" 103 } 104 ]; 105 106 // Maximum number of ServerTlsPolicies to return per call. 107 int32 page_size = 2; 108 109 // The value returned by the last `ListServerTlsPoliciesResponse` 110 // Indicates that this is a continuation of a prior 111 // `ListServerTlsPolicies` call, and that the system 112 // should return the next page of data. 113 string page_token = 3; 114} 115 116// Response returned by the ListServerTlsPolicies method. 117message ListServerTlsPoliciesResponse { 118 // List of ServerTlsPolicy resources. 119 repeated ServerTlsPolicy server_tls_policies = 1; 120 121 // If there might be more results than those appearing in this response, then 122 // `next_page_token` is included. To get the next set of results, call this 123 // method again using the value of `next_page_token` as `page_token`. 124 string next_page_token = 2; 125} 126 127// Request used by the GetServerTlsPolicy method. 128message GetServerTlsPolicyRequest { 129 // Required. A name of the ServerTlsPolicy to get. Must be in the format 130 // `projects/*/locations/{location}/serverTlsPolicies/*`. 131 string name = 1 [ 132 (google.api.field_behavior) = REQUIRED, 133 (google.api.resource_reference) = { 134 type: "networksecurity.googleapis.com/ServerTlsPolicy" 135 } 136 ]; 137} 138 139// Request used by the CreateServerTlsPolicy method. 140message CreateServerTlsPolicyRequest { 141 // Required. The parent resource of the ServerTlsPolicy. Must be in 142 // the format `projects/*/locations/{location}`. 143 string parent = 1 [ 144 (google.api.field_behavior) = REQUIRED, 145 (google.api.resource_reference) = { 146 child_type: "networksecurity.googleapis.com/ServerTlsPolicy" 147 } 148 ]; 149 150 // Required. Short name of the ServerTlsPolicy resource to be created. This 151 // value should be 1-63 characters long, containing only letters, numbers, 152 // hyphens, and underscores, and should not start with a number. E.g. 153 // "server_mtls_policy". 154 string server_tls_policy_id = 2 [(google.api.field_behavior) = REQUIRED]; 155 156 // Required. ServerTlsPolicy resource to be created. 157 ServerTlsPolicy server_tls_policy = 3 158 [(google.api.field_behavior) = REQUIRED]; 159} 160 161// Request used by UpdateServerTlsPolicy method. 162message UpdateServerTlsPolicyRequest { 163 // Optional. Field mask is used to specify the fields to be overwritten in the 164 // ServerTlsPolicy resource by the update. The fields 165 // specified in the update_mask are relative to the resource, not 166 // the full request. A field will be overwritten if it is in the 167 // mask. If the user does not provide a mask then all fields will be 168 // overwritten. 169 google.protobuf.FieldMask update_mask = 1 170 [(google.api.field_behavior) = OPTIONAL]; 171 172 // Required. Updated ServerTlsPolicy resource. 173 ServerTlsPolicy server_tls_policy = 2 174 [(google.api.field_behavior) = REQUIRED]; 175} 176 177// Request used by the DeleteServerTlsPolicy method. 178message DeleteServerTlsPolicyRequest { 179 // Required. A name of the ServerTlsPolicy to delete. Must be in 180 // the format `projects/*/locations/{location}/serverTlsPolicies/*`. 181 string name = 1 [ 182 (google.api.field_behavior) = REQUIRED, 183 (google.api.resource_reference) = { 184 type: "networksecurity.googleapis.com/ServerTlsPolicy" 185 } 186 ]; 187} 188