HEX

File: //snap/google-cloud-cli/396/lib/googlecloudsdk/schemas/compute/alpha/BackendServiceTlsSettings.yaml
$schema: "http://json-schema.org/draft-06/schema#"

title: compute alpha BackendServiceTlsSettings export schema
description: A gcloud export/import command YAML validation schema.
type: object
additionalProperties: false
properties:
  COMMENT:
    type: object
    description: User specified info ignored by gcloud import.
    additionalProperties: false
    properties:
      template-id:
        type: string
      region:
        type: string
      description:
        type: string
      date:
        type: string
      version:
        type: string
  UNKNOWN:
    type: array
    description: Unknown API fields that cannot be imported.
    items:
      type: string
  authenticationConfig:
    description: |-
      Reference to the BackendAuthenticationConfig resource from the
      networksecurity.googleapis.com namespace. Can be used in authenticating
      TLS connections to the backend, as specified by the authenticationMode
      field. Can only be specified if authenticationMode is not NONE.
    type: string
  identity:
    description: |-
      Assigns the Managed Identity for the RegionBackendService Workload. Use
      this property to configure the load balancer back-end to use certificates
      and roots of trust provisioned by the Managed Workload Identity system.
      The `managedIdentity` property is the fully-specified SPIFFE ID to use in
      the SVID presented by the Load Balancer Workload. The SPIFFE ID must be a
      resource starting with the "spiffe" scheme identifier, followed by the
      "trustDomain" property value, followed by the path to the Managed Workload
      Identity. Supported SPIFFE ID format: -
      spiffe://<trust_domain>/ns/<namespace>/sa/<subject> The Trust Domain
      within the Managed Identity must refer to a valid Workload Identity Pool.
      The TrustConfig and CertificateIssuanceConfig will be inherited from the
      Workload Identity Pool. Restrictions: - If you set the `managedIdentity`
      property, you cannot manually set the following
    type: string
  sni:
    description: |-
      Server Name Indication - see RFC3546 section 3.1. If set, the load
      balancer sends this string as the SNI hostname in the TLS connection to
      the backend, and requires that this string match a Subject Alternative
      Name (SAN) in the backend's server certificate. With a Regional Internet
      NEG backend, if the SNI is specified here, the load balancer uses it
      regardless of whether the Regional Internet NEG is specified with FQDN or
      IP address and port. When both sni and subjectAltNames[] are specified,
      the load balancer matches the backend certificate's SAN only to
      subjectAltNames[].
    type: string
  subjectAltNames:
    description: |-
      A list of Subject Alternative Names (SANs) that the Load Balancer verifies
      during a TLS handshake with the backend. When the server presents its
      X.509 certificate to the Load Balancer, the Load Balancer inspects the
      certificate's SAN field, and requires that at least one SAN match one of
      the subjectAltNames in the list. This field is limited to 5 entries. When
      both sni and subjectAltNames[] are specified, the load balancer matches
      the backend certificate's SAN only to subjectAltNames[].
    type: array
    items:
      $ref: BackendServiceTlsSettingsSubjectAltName.yaml