$schema: "http://json-schema.org/draft-06/schema#"

title: networksecurity v1 MTLSPolicy export schema
description: A gcloud export/import command YAML validation schema.
type: object
additionalProperties: false
properties:
  COMMENT:
    type: object
    description: User specified info ignored by gcloud import.
    additionalProperties: false
    properties:
      template-id:
        type: string
      region:
        type: string
      description:
        type: string
      date:
        type: string
      version:
        type: string
  UNKNOWN:
    type: array
    description: Unknown API fields that cannot be imported.
    items:
      type: string
  clientValidationCa:
    description: |-
      Required if the policy is to be used with Traffic Director. For external
      HTTPS load balancers it must be empty. Defines the mechanism to obtain the
      Certificate Authority certificate to validate the client certificate.
    type: array
    items:
      $ref: ValidationCA.yaml
  clientValidationMode:
    description: |-
      When the client presents an invalid certificate or no certificate to
      the load balancer, the `client_validation_mode` specifies how the
      client connection is handled. Required if the policy is to be used
      with the external HTTPS load balancing. For Traffic Director it must
      be empty.
    type: string
    enum:
    - ALLOW_INVALID_OR_MISSING_CLIENT_CERT
    - CLIENT_VALIDATION_MODE_UNSPECIFIED
    - REJECT_INVALID
  clientValidationTrustConfig:
    description: |-
      Reference to the TrustConfig from certificatemanager.googleapis.com
      namespace. If specified, the chain validation will be performed
      against certificates configured in the given TrustConfig. Allowed only
      if the policy is to be used with external HTTPS load balancers.
    type: string