$schema: "http://json-schema.org/draft-06/schema#"

title: networkservices v1 Gateway export schema
description: A gcloud export/import command YAML validation schema.
type: object
required:
- ports
additionalProperties: false
properties:
  COMMENT:
    type: object
    description: User specified info ignored by gcloud import.
    additionalProperties: false
    properties:
      template-id:
        type: string
      region:
        type: string
      description:
        type: string
      date:
        type: string
      version:
        type: string
  UNKNOWN:
    type: array
    description: Unknown API fields that cannot be imported.
    items:
      type: string
  addresses:
    description: |-
      Zero or one IPv4 or IPv6 address on which the Gateway will receive the
      traffic. When no address is provided, an IP from the subnetwork is
      allocated This field only applies to gateways of type
      'SECURE_WEB_GATEWAY'. Gateways of type 'OPEN_MESH' listen on 0.0.0.0 for
      IPv4 and :: for IPv6.
    type: array
    items:
      type: string
  authorizationPolicy:
    description: |-
      A fully-qualified AuthorizationPolicy URL reference. Specifies how
      traffic is authorized. If empty, authorization checks are disabled.
    type: string
  certificateUrls:
    description: |-
      A fully-qualified Certificates URL reference. The proxy presents a
      Certificate (selected based on SNI) when establishing a TLS
      connection. This feature only applies to gateways of type
      'SECURE_WEB_GATEWAY'.
    type: array
    items:
      type: string
  description:
    description: |-
      A free-text description of the resource. Max length 1024
      characters.
    type: string
  envoyHeaders:
    description: |-
      Determines if envoy will insert internal debug headers into
      upstream requests. Other Envoy headers may still be injected. By
      default, envoy will not insert any debug headers.
    type: string
    enum:
    - DEBUG_HEADERS
    - ENVOY_HEADERS_UNSPECIFIED
    - NONE
  gatewaySecurityPolicy:
    description: |-
      A fully-qualified GatewaySecurityPolicy URL reference. Defines how
      a server should apply security policy to inbound (VM to Proxy)
      initiated connections. For example:
      `projects/*/locations/*/gatewaySecurityPolicies/swg-policy`. This
      policy is specific to gateways of type 'SECURE_WEB_GATEWAY'.
    type: string
  ipVersion:
    description: |-
      The IP Version that will be used by this gateway. Valid options
      are IPV4 or IPV6. Default is IPV4.
    type: string
    enum:
    - IPV4
    - IPV6
    - IP_VERSION_UNSPECIFIED
  labels:
    description: Set of label tags associated with the Gateway resource.
    $ref: LabelsValue.yaml
  name:
    description: |-
      Identifier. Name of the Gateway resource. It matches pattern
      `projects/*/locations/*/gateways/`.
    type: string
  network:
    description: |-
      The relative resource name identifying the VPC network that is
      using this configuration. For example:
      `projects/*/global/networks/network-1`. Currently, this field is
      specific to gateways of type 'SECURE_WEB_GATEWAY'.
    type: string
  ports:
    description: |-
      One or more port numbers (1-65535), on which the Gateway will
      receive traffic. The proxy binds to the specified ports. Gateways
      of type 'SECURE_WEB_GATEWAY' are limited to 1 port. Gateways of
      type 'OPEN_MESH' listen on 0.0.0.0 for IPv4 and :: for IPv6 and
      support multiple ports.
    type: array
    items:
      type: integer
  routingMode:
    description: |-
      The routing mode of the Gateway. This field is configurable
      only for gateways of type SECURE_WEB_GATEWAY. This field is
      required for gateways of type SECURE_WEB_GATEWAY.
    type: string
    enum:
    - EXPLICIT_ROUTING_MODE
    - NEXT_HOP_ROUTING_MODE
  scope:
    description: |-
      Scope determines how configuration across multiple Gateway
      instances are merged. The configuration for multiple Gateway
      instances with the same scope will be merged as presented as a
      single coniguration to the proxy/load balancer. Max length 64
      characters. Scope should start with a letter and can only have
      letters, numbers, hyphens.
    type: string
  securityPolicy:
    description: |-
      A fully-qualified GatewaySecurityPolicy URL reference. Defines
      how a server should apply security policy to inbound (VM to
      Proxy) initiated connections. This policy is specific to
      gateways of type 'SECURE_WEB_GATEWAY'. DEPRECATED!!!! Use the
      gateway_security_policy field instead.
    type: string
  serverTlsPolicy:
    description: |-
      A fully-qualified ServerTLSPolicy URL reference. Specifies how
      TLS traffic is terminated. If empty, TLS termination is
      disabled.
    type: string
  subnetwork:
    description: |-
      The relative resource name identifying the subnetwork in which
      this SWG is allocated. For example: `projects/*/regions/us-
      central1/subnetworks/network-1` Currently, this field is
      specific to gateways of type 'SECURE_WEB_GATEWAY".
    type: string
  type:
    description: |-
      Immutable. The type of the customer managed gateway. This
      field is required. If unspecified, an error is returned.
    type: string
    enum:
    - OPEN_MESH
    - SECURE_WEB_GATEWAY
    - TYPE_UNSPECIFIED