server_tls_policies
Creates, updates, deletes, gets or lists a server_tls_policies resource.
Overview
Name | server_tls_policies |
Type | Resource |
Id | google.networksecurity.server_tls_policies |
Fields
The following fields are returned by SELECT queries:
- projects_locations_server_tls_policies_get
- projects_locations_server_tls_policies_list
Successful response
Name | Datatype | Description |
---|---|---|
name | string | Required. Name of the ServerTlsPolicy resource. It matches the pattern projects/*/locations/{location}/serverTlsPolicies/{server_tls_policy} |
allowOpen | boolean | This field applies only for Traffic Director policies. It must be set to false for Application Load Balancer policies. Determines if server allows plaintext connections. If set to true, server allows plain text connections. By default, it is set to false. This setting is not exclusive of other encryption modes. For example, if allow_open and mtls_policy are set, server allows both plain text and mTLS connections. See documentation of other encryption modes to confirm compatibility. Consider using it if you wish to upgrade in place your deployment to TLS while having mixed TLS and non-TLS traffic reaching port :80. |
createTime | string (google-datetime) | Output only. The timestamp when the resource was created. |
description | string | Free-text description of the resource. |
labels | object | Set of label tags associated with the resource. |
mtlsPolicy | object | This field is required if the policy is used with Application Load Balancers. This field can be empty for Traffic Director. Defines a mechanism to provision peer validation certificates for peer to peer authentication (Mutual TLS - mTLS). If not specified, client certificate will not be requested. The connection is treated as TLS and not mTLS. If allow_open and mtls_policy are set, server allows both plain text and mTLS connections. (id: MTLSPolicy) |
serverCertificate | object | Optional if policy is to be used with Traffic Director. For Application Load Balancers must be empty. Defines a mechanism to provision server identity (public and private keys). Cannot be combined with allow_open as a permissive mode that allows both plain text and TLS is not supported. (id: GoogleCloudNetworksecurityV1CertificateProvider) |
updateTime | string (google-datetime) | Output only. The timestamp when the resource was updated. |
Methods
The following methods are available for this resource:
Name | Accessible by | Required Params | Optional Params | Description |
---|---|---|---|---|
projects_locations_server_tls_policies_get | select | projectsId, locationsId, serverTlsPoliciesId | | Gets details of a single ServerTlsPolicy. |
projects_locations_server_tls_policies_list | select | projectsId, locationsId | pageSize, pageToken, returnPartialSuccess | Lists ServerTlsPolicies in a given project and location. |
projects_locations_server_tls_policies_create | insert | projectsId, locationsId | serverTlsPolicyId | Creates a new ServerTlsPolicy in a given project and location. |
projects_locations_server_tls_policies_patch | update | projectsId, locationsId, serverTlsPoliciesId | updateMask | Updates the parameters of a single ServerTlsPolicy. |
projects_locations_server_tls_policies_delete | delete | projectsId, locationsId, serverTlsPoliciesId | | Deletes a single ServerTlsPolicy. |
Parameters
Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.
Name | Datatype | Description |
---|---|---|
locationsId | string | |
projectsId | string | |
serverTlsPoliciesId | string | |
pageSize | integer (int32) | |
pageToken | string | |
returnPartialSuccess | boolean | |
serverTlsPolicyId | string | |
updateMask | string (google-fieldmask) | |
SELECT examples
- projects_locations_server_tls_policies_get
- projects_locations_server_tls_policies_list
Gets details of a single ServerTlsPolicy.
```sql
SELECT
  name,
  allowOpen,
  createTime,
  description,
  labels,
  mtlsPolicy,
  serverCertificate,
  updateTime
FROM google.networksecurity.server_tls_policies
WHERE projectsId = '{{ projectsId }}' -- required
  AND locationsId = '{{ locationsId }}' -- required
  AND serverTlsPoliciesId = '{{ serverTlsPoliciesId }}' -- required
;
```
Lists ServerTlsPolicies in a given project and location.
```sql
SELECT
  name,
  allowOpen,
  createTime,
  description,
  labels,
  mtlsPolicy,
  serverCertificate,
  updateTime
FROM google.networksecurity.server_tls_policies
WHERE projectsId = '{{ projectsId }}' -- required
  AND locationsId = '{{ locationsId }}' -- required
  AND pageSize = '{{ pageSize }}'
  AND pageToken = '{{ pageToken }}'
  AND returnPartialSuccess = '{{ returnPartialSuccess }}';
```
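The field descriptions for allowOpen, mtlsPolicy and serverCertificate translate directly into checks that can be run over the rows this list query returns. The following is an added example, not part of the provider documentation: the sample rows are constructed, and it assumes object columns arrive as JSON text (or dicts) and that the caller knows whether a policy is attached to an Application Load Balancer.

```python
import json

def _present(value):
    """True when an object column holds a non-empty object (dict or JSON text)."""
    if isinstance(value, str):
        value = json.loads(value) if value.strip() else None
    return bool(value)

def _flag(value):
    """Normalise a boolean column that may arrive as bool, 0/1 or text."""
    return value.strip().lower() in ("true", "1") if isinstance(value, str) else bool(value)

def audit(row, application_load_balancer=False):
    """Findings for one policy row, derived from the documented field rules."""
    allow_open = _flag(row.get("allowOpen"))
    has_mtls = _present(row.get("mtlsPolicy"))
    has_cert = _present(row.get("serverCertificate"))
    findings = []
    if allow_open:
        findings.append("plaintext connections accepted (allowOpen is true)")
    if not has_mtls:
        findings.append("client certificate not requested (mtlsPolicy unset)")
    if allow_open and has_cert:
        findings.append("invalid: serverCertificate combined with allowOpen")
    if application_load_balancer:  # assumption: caller knows the attachment
        if allow_open:
            findings.append("invalid for ALB: allowOpen must be false")
        if not has_mtls:
            findings.append("invalid for ALB: mtlsPolicy is required")
        if has_cert:
            findings.append("invalid for ALB: serverCertificate must be empty")
    return findings

def audit_all(rows, application_load_balancer=False):
    """Map policy name -> findings, keeping only policies with findings."""
    pairs = ((r["name"], audit(r, application_load_balancer)) for r in rows)
    return {name: f for name, f in pairs if f}

# Constructed sample rows; the object contents are placeholders, not real schema.
BASE, OBJ = "projects/example-project/locations/global/serverTlsPolicies/", '{"constructed": true}'
SAMPLE_ROWS = [
    {"name": BASE + "strict", "allowOpen": False, "mtlsPolicy": OBJ, "serverCertificate": OBJ},
    {"name": BASE + "migrating", "allowOpen": "true", "mtlsPolicy": OBJ, "serverCertificate": None},
    {"name": BASE + "tls-only", "allowOpen": None, "mtlsPolicy": "null", "serverCertificate": OBJ},
    {"name": BASE + "conflict", "allowOpen": 1, "mtlsPolicy": "{}", "serverCertificate": OBJ},
]

if __name__ == "__main__":
    print(json.dumps(audit_all(SAMPLE_ROWS), indent=2))
```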
INSERT examples
- projects_locations_server_tls_policies_create
- Manifest
Creates a new ServerTlsPolicy in a given project and location.
```sql
INSERT INTO google.networksecurity.server_tls_policies (
  data__name,
  data__description,
  data__labels,
  data__allowOpen,
  data__serverCertificate,
  data__mtlsPolicy,
  projectsId,
  locationsId,
  serverTlsPolicyId
)
SELECT
  '{{ name }}',
  '{{ description }}',
  '{{ labels }}',
  {{ allowOpen }},
  '{{ serverCertificate }}',
  '{{ mtlsPolicy }}',
  '{{ projectsId }}',
  '{{ locationsId }}',
  '{{ serverTlsPolicyId }}'
RETURNING
  name,
  done,
  error,
  metadata,
  response
;
```
```yaml
# Description fields are for documentation purposes
- name: server_tls_policies
  props:
    - name: projectsId
      value: string
      description: Required parameter for the server_tls_policies resource.
    - name: locationsId
      value: string
      description: Required parameter for the server_tls_policies resource.
    - name: name
      value: string
      description: >
        Required. Name of the ServerTlsPolicy resource. It matches the pattern `projects/*/locations/{location}/serverTlsPolicies/{server_tls_policy}`
    - name: description
      value: string
      description: >
        Free-text description of the resource.
    - name: labels
      value: object
      description: >
        Set of label tags associated with the resource.
    - name: allowOpen
      value: boolean
      description: >
        This field applies only for Traffic Director policies. It must be set to false for Application Load Balancer policies. Determines if server allows plaintext connections. If set to true, server allows plain text connections. By default, it is set to false. This setting is not exclusive of other encryption modes. For example, if `allow_open` and `mtls_policy` are set, server allows both plain text and mTLS connections. See documentation of other encryption modes to confirm compatibility. Consider using it if you wish to upgrade in place your deployment to TLS while having mixed TLS and non-TLS traffic reaching port :80.
    - name: serverCertificate
      value: object
      description: >
        Optional if policy is to be used with Traffic Director. For Application Load Balancers must be empty. Defines a mechanism to provision server identity (public and private keys). Cannot be combined with `allow_open` as a permissive mode that allows both plain text and TLS is not supported.
    - name: mtlsPolicy
      value: object
      description: >
        This field is required if the policy is used with Application Load Balancers. This field can be empty for Traffic Director. Defines a mechanism to provision peer validation certificates for peer to peer authentication (Mutual TLS - mTLS). If not specified, client certificate will not be requested. The connection is treated as TLS and not mTLS. If `allow_open` and `mtls_policy` are set, server allows both plain text and mTLS connections.
    - name: serverTlsPolicyId
      value: string
```
UPDATE examples
- projects_locations_server_tls_policies_patch
Updates the parameters of a single ServerTlsPolicy.
```sql
UPDATE google.networksecurity.server_tls_policies
SET
  data__name = '{{ name }}',
  data__description = '{{ description }}',
  data__labels = '{{ labels }}',
  data__allowOpen = {{ allowOpen }},
  data__serverCertificate = '{{ serverCertificate }}',
  data__mtlsPolicy = '{{ mtlsPolicy }}'
WHERE
  projectsId = '{{ projectsId }}' -- required
  AND locationsId = '{{ locationsId }}' -- required
  AND serverTlsPoliciesId = '{{ serverTlsPoliciesId }}' -- required
  AND updateMask = '{{ updateMask }}'
RETURNING
  name,
  done,
  error,
  metadata,
  response;
```
DELETE examples
- projects_locations_server_tls_policies_delete
Deletes a single ServerTlsPolicy.
```sql
DELETE FROM google.networksecurity.server_tls_policies
WHERE projectsId = '{{ projectsId }}' -- required
  AND locationsId = '{{ locationsId }}' -- required
  AND serverTlsPoliciesId = '{{ serverTlsPoliciesId }}' -- required
;
```