endpoint_policies
Creates, updates, deletes, gets or lists an endpoint_policies resource.
Overview
Name | endpoint_policies |
Type | Resource |
Id | google.networkservices.endpoint_policies |
Fields
The following fields are returned by SELECT queries:
- get
- list
Successful response
Name | Datatype | Description |
---|---|---|
name | string | Identifier. Name of the EndpointPolicy resource. It matches pattern projects/{project}/locations/global/endpointPolicies/{endpoint_policy}. |
authorizationPolicy | string | Optional. This field specifies the URL of the AuthorizationPolicy resource that applies authorization policies to the inbound traffic at the matched endpoints. Refer to Authorization. If this field is not specified, authorization is disabled (no authz checks) for this endpoint. |
clientTlsPolicy | string | Optional. A URL referring to a ClientTlsPolicy resource. ClientTlsPolicy can be set to specify the authentication for traffic from the proxy to the actual endpoints. More specifically, it is applied to the outgoing traffic from the proxy to the endpoint. This is typically used for the sidecar model, where the proxy identifies itself as an endpoint to the control plane, with the connection between sidecar and endpoint requiring authentication. If this field is not set, authentication is disabled (open). Applicable only when EndpointPolicyType is SIDECAR_PROXY. |
createTime | string (google-datetime) | Output only. The timestamp when the resource was created. |
description | string | Optional. A free-text description of the resource. Max length 1024 characters. |
endpointMatcher | object | Required. A matcher that selects endpoints to which the policies should be applied. (id: EndpointMatcher) |
labels | object | Optional. Set of label tags associated with the EndpointPolicy resource. |
serverTlsPolicy | string | Optional. A URL referring to a ServerTlsPolicy resource. ServerTlsPolicy is used to determine the authentication policy to be applied to terminate the inbound traffic at the identified backends. If this field is not set, authentication is disabled (open) for this endpoint. |
trafficPortSelector | object | Optional. Port selector for the (matched) endpoints. If no port selector is provided, the matched config is applied to all ports. (id: TrafficPortSelector) |
type | string | Required. The type of endpoint policy. This is primarily used to validate the configuration. |
updateTime | string (google-datetime) | Output only. The timestamp when the resource was updated. |
Methods
The following methods are available for this resource:
Name | Accessible by | Required Params | Optional Params | Description |
---|---|---|---|---|
get | select | projectsId, locationsId, endpointPoliciesId | | Gets details of a single EndpointPolicy. |
list | select | projectsId, locationsId | pageSize, pageToken, returnPartialSuccess | Lists EndpointPolicies in a given project and location. |
create | insert | projectsId, locationsId | endpointPolicyId | Creates a new EndpointPolicy in a given project and location. |
patch | update | projectsId, locationsId, endpointPoliciesId | updateMask | Updates the parameters of a single EndpointPolicy. |
delete | delete | projectsId, locationsId, endpointPoliciesId | | Deletes a single EndpointPolicy. |
Parameters
Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.
Name | Datatype | Description |
---|---|---|
endpointPoliciesId | string | |
locationsId | string | |
projectsId | string | |
endpointPolicyId | string | |
pageSize | integer (int32) | |
pageToken | string | |
returnPartialSuccess | boolean | |
updateMask | string (google-fieldmask) | |
SELECT examples
- get
- list
Gets details of a single EndpointPolicy.
```sql
SELECT
  name,
  authorizationPolicy,
  clientTlsPolicy,
  createTime,
  description,
  endpointMatcher,
  labels,
  serverTlsPolicy,
  trafficPortSelector,
  type,
  updateTime
FROM google.networkservices.endpoint_policies
WHERE projectsId = '{{ projectsId }}' -- required
  AND locationsId = '{{ locationsId }}' -- required
  AND endpointPoliciesId = '{{ endpointPoliciesId }}'; -- required
```
Lists EndpointPolicies in a given project and location.
```sql
SELECT
  name,
  authorizationPolicy,
  clientTlsPolicy,
  createTime,
  description,
  endpointMatcher,
  labels,
  serverTlsPolicy,
  trafficPortSelector,
  type,
  updateTime
FROM google.networkservices.endpoint_policies
WHERE projectsId = '{{ projectsId }}' -- required
  AND locationsId = '{{ locationsId }}' -- required
  AND pageSize = '{{ pageSize }}'
  AND pageToken = '{{ pageToken }}'
  AND returnPartialSuccess = '{{ returnPartialSuccess }}';
```
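An added example, not part of the StackQL documentation: a small audit over rows shaped like the output of the list query, flagging the fail-open defaults stated in the field descriptions (no authorizationPolicy means no authz checks; no serverTlsPolicy or clientTlsPolicy means authentication is disabled). The function names, finding codes, the treatment of the string "null" as unset, and the sample rows are assumptions made for illustration.

```python
# Constructed sample rows using the column names of the list SELECT.
SAMPLE_ROWS = [
    {"name": "projects/example-project/locations/global/endpointPolicies/open-policy",
     "type": "SIDECAR_PROXY", "authorizationPolicy": None,
     "serverTlsPolicy": "", "clientTlsPolicy": None, "trafficPortSelector": None},
    {"name": "projects/example-project/locations/global/endpointPolicies/locked-policy",
     "type": "GRPC_SERVER",
     "authorizationPolicy": "projects/example-project/locations/global/authorizationPolicies/authz",
     "serverTlsPolicy": "projects/example-project/locations/global/serverTlsPolicies/mtls",
     "clientTlsPolicy": None, "trafficPortSelector": {"ports": ["8443"]}},
]


def _unset(value):
    """True for None, blank strings, empty objects, or the text 'null' (assumed rendering)."""
    if isinstance(value, str):
        return value.strip() in ("", "null")
    return not value


def audit_endpoint_policy(row):
    """Return finding codes for one EndpointPolicy row."""
    findings = []
    if _unset(row.get("authorizationPolicy")):
        findings.append("NO_AUTHZ")          # authorization disabled for matched endpoints
    if _unset(row.get("serverTlsPolicy")):
        findings.append("NO_SERVER_TLS")     # inbound authentication disabled (open)
    # clientTlsPolicy is applicable only when the type is SIDECAR_PROXY.
    if row.get("type") == "SIDECAR_PROXY" and _unset(row.get("clientTlsPolicy")):
        findings.append("NO_CLIENT_TLS")     # proxy-to-endpoint authentication disabled
    if _unset(row.get("trafficPortSelector")):
        findings.append("ALL_PORTS")         # informational: config applies to every port
    if _unset(row.get("type")) or row.get("type") == "ENDPOINT_POLICY_TYPE_UNSPECIFIED":
        findings.append("TYPE_UNSPECIFIED")
    return findings


def audit(rows):
    """Map policy name -> findings, omitting policies with no findings."""
    report = {}
    for row in rows:
        findings = audit_endpoint_policy(row)
        if findings:
            report[row["name"]] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit(SAMPLE_ROWS).items():
        print(name, ", ".join(findings))
```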
INSERT examples
- create
- Manifest
Creates a new EndpointPolicy in a given project and location.
```sql
INSERT INTO google.networkservices.endpoint_policies (
  data__name,
  data__labels,
  data__type,
  data__authorizationPolicy,
  data__endpointMatcher,
  data__trafficPortSelector,
  data__description,
  data__serverTlsPolicy,
  data__clientTlsPolicy,
  projectsId,
  locationsId,
  endpointPolicyId
)
SELECT
  '{{ name }}',
  '{{ labels }}',
  '{{ type }}',
  '{{ authorizationPolicy }}',
  '{{ endpointMatcher }}',
  '{{ trafficPortSelector }}',
  '{{ description }}',
  '{{ serverTlsPolicy }}',
  '{{ clientTlsPolicy }}',
  '{{ projectsId }}',
  '{{ locationsId }}',
  '{{ endpointPolicyId }}'
RETURNING
  name,
  done,
  error,
  metadata,
  response
;
```
```yaml
# Description fields are for documentation purposes
- name: endpoint_policies
  props:
    - name: projectsId
      value: string
      description: Required parameter for the endpoint_policies resource.
    - name: locationsId
      value: string
      description: Required parameter for the endpoint_policies resource.
    - name: name
      value: string
      description: >
        Identifier. Name of the EndpointPolicy resource. It matches pattern `projects/{project}/locations/global/endpointPolicies/{endpoint_policy}`.
    - name: labels
      value: object
      description: >
        Optional. Set of label tags associated with the EndpointPolicy resource.
    - name: type
      value: string
      description: >
        Required. The type of endpoint policy. This is primarily used to validate the configuration.
      valid_values: ['ENDPOINT_POLICY_TYPE_UNSPECIFIED', 'SIDECAR_PROXY', 'GRPC_SERVER']
    - name: authorizationPolicy
      value: string
      description: >
        Optional. This field specifies the URL of the AuthorizationPolicy resource that applies authorization policies to the inbound traffic at the matched endpoints. Refer to Authorization. If this field is not specified, authorization is disabled (no authz checks) for this endpoint.
    - name: endpointMatcher
      value: object
      description: >
        Required. A matcher that selects endpoints to which the policies should be applied.
    - name: trafficPortSelector
      value: object
      description: >
        Optional. Port selector for the (matched) endpoints. If no port selector is provided, the matched config is applied to all ports.
    - name: description
      value: string
      description: >
        Optional. A free-text description of the resource. Max length 1024 characters.
    - name: serverTlsPolicy
      value: string
      description: >
        Optional. A URL referring to a ServerTlsPolicy resource. ServerTlsPolicy is used to determine the authentication policy to be applied to terminate the inbound traffic at the identified backends. If this field is not set, authentication is disabled (open) for this endpoint.
    - name: clientTlsPolicy
      value: string
      description: >
        Optional. A URL referring to a ClientTlsPolicy resource. ClientTlsPolicy can be set to specify the authentication for traffic from the proxy to the actual endpoints. More specifically, it is applied to the outgoing traffic from the proxy to the endpoint. This is typically used for the sidecar model, where the proxy identifies itself as an endpoint to the control plane, with the connection between sidecar and endpoint requiring authentication. If this field is not set, authentication is disabled (open). Applicable only when EndpointPolicyType is SIDECAR_PROXY.
    - name: endpointPolicyId
      value: string
```
UPDATE examples
- patch
Updates the parameters of a single EndpointPolicy.
```sql
UPDATE google.networkservices.endpoint_policies
SET
  data__name = '{{ name }}',
  data__labels = '{{ labels }}',
  data__type = '{{ type }}',
  data__authorizationPolicy = '{{ authorizationPolicy }}',
  data__endpointMatcher = '{{ endpointMatcher }}',
  data__trafficPortSelector = '{{ trafficPortSelector }}',
  data__description = '{{ description }}',
  data__serverTlsPolicy = '{{ serverTlsPolicy }}',
  data__clientTlsPolicy = '{{ clientTlsPolicy }}'
WHERE
  projectsId = '{{ projectsId }}' -- required
  AND locationsId = '{{ locationsId }}' -- required
  AND endpointPoliciesId = '{{ endpointPoliciesId }}' -- required
  AND updateMask = '{{ updateMask }}'
RETURNING
  name,
  done,
  error,
  metadata,
  response;
```
DELETE examples
- delete
Deletes a single EndpointPolicy.
```sql
DELETE FROM google.networkservices.endpoint_policies
WHERE projectsId = '{{ projectsId }}' -- required
  AND locationsId = '{{ locationsId }}' -- required
  AND endpointPoliciesId = '{{ endpointPoliciesId }}'; -- required
```