Class BackendServiceTlsSettings
Implements
Inherited Members
Namespace: Google.Apis.Compute.alpha.Data
Assembly: Google.Apis.Compute.alpha.dll
Syntax
public class BackendServiceTlsSettings : IDirectResponseSchema
Properties
AuthenticationConfig
Reference to the BackendAuthenticationConfig resource from the networksecurity.googleapis.com namespace. Can be used in authenticating TLS connections to the backend, as specified by the authenticationMode field. Can only be specified if authenticationMode is not NONE.
Declaration
[JsonProperty("authenticationConfig")]
public virtual string AuthenticationConfig { get; set; }
Property Value
| Type | Description |
|---|---|
| string |
ETag
The ETag of the item.
Declaration
public virtual string ETag { get; set; }
Property Value
| Type | Description |
|---|---|
| string |
Identity
Assigns the Managed Identity for the BackendService Workload. Use this property to configure the load balancer back-end to use certificates and roots of trust provisioned by the Managed Workload Identity system. The identity property is the fully-specified SPIFFE ID to use in the SVID presented by the Load Balancer Workload. The SPIFFE ID must be a resource starting with the trustDomain property value, followed by the path to the Managed Workload Identity.

Supported SPIFFE ID format:
- //<trust_domain>/ns/<namespace>/sa/<subject>

The Trust Domain within the Managed Identity must refer to a valid Workload Identity Pool. The TrustConfig and CertificateIssuanceConfig will be inherited from the Workload Identity Pool.

Restrictions:
- If you set the identity property, you cannot manually set the following fields:
  - tlsSettings.sni
  - tlsSettings.subjectAltNames
  - tlsSettings.authenticationConfig

When defining an identity for a RegionBackendServices, the corresponding Workload Identity Pool must have a ca_pool configured in the same region. The system will set up a read-only tlsSettings.authenticationConfig for the Managed Identity.
Declaration
[JsonProperty("identity")]
public virtual string Identity { get; set; }
Property Value
| Type | Description |
|---|---|
| string |
Sni
Server Name Indication - see RFC3546 section 3.1. If set, the load balancer sends this string as the SNI hostname in the TLS connection to the backend, and requires that this string match a Subject Alternative Name (SAN) in the backend's server certificate. With a Regional Internet NEG backend, if the SNI is specified here, the load balancer uses it regardless of whether the Regional Internet NEG is specified with FQDN or IP address and port. When both sni and subjectAltNames[] are specified, the load balancer matches the backend certificate's SAN only to subjectAltNames[].
Declaration
[JsonProperty("sni")]
public virtual string Sni { get; set; }
Property Value
| Type | Description |
|---|---|
| string |
SubjectAltNames
A list of Subject Alternative Names (SANs) that the Load Balancer verifies during a TLS handshake with the backend. When the server presents its X.509 certificate to the Load Balancer, the Load Balancer inspects the certificate's SAN field, and requires that at least one SAN match one of the subjectAltNames in the list. This field is limited to 5 entries. When both sni and subjectAltNames[] are specified, the load balancer matches the backend certificate's SAN only to subjectAltNames[].
Declaration
[JsonProperty("subjectAltNames")]
public virtual IList<BackendServiceTlsSettingsSubjectAltName> SubjectAltNames { get; set; }
Property Value
| Type | Description |
|---|---|
| IList<BackendServiceTlsSettingsSubjectAltName> |
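
A pre-submit check for the restrictions documented in the property descriptions above, as an added example that is not part of the Google.Apis.Compute.alpha library. It assumes the Google.Apis.Compute.alpha package is referenced; `TlsSettingsLint`, `Check`, the SPIFFE ID regex and the sample values are hypothetical names and constructed data.

```csharp
using System;
using System.Collections.Generic;
using System.Text.RegularExpressions;
using Google.Apis.Compute.alpha.Data;

public static class TlsSettingsLint
{
    // Assumption: a literal reading of the format shown on this page,
    // //<trust_domain>/ns/<namespace>/sa/<subject>, with no '/' inside a segment.
    private static readonly Regex IdentityFormat =
        new Regex(@"^//[^/]+/ns/[^/]+/sa/[^/]+$", RegexOptions.CultureInvariant);

    // Lints settings that are about to be submitted. A resource read back from the API
    // may carry a system-set, read-only authenticationConfig alongside identity.
    public static List<string> Check(BackendServiceTlsSettings tls)
    {
        var findings = new List<string>();
        bool hasIdentity = !string.IsNullOrEmpty(tls.Identity);
        bool hasSni = !string.IsNullOrEmpty(tls.Sni);
        bool hasAuthConfig = !string.IsNullOrEmpty(tls.AuthenticationConfig);
        int sanCount = tls.SubjectAltNames?.Count ?? 0;

        if (hasIdentity)
        {
            if (!IdentityFormat.IsMatch(tls.Identity))
                findings.Add("ERROR identity: expected //<trust_domain>/ns/<namespace>/sa/<subject>");
            if (hasSni) findings.Add("ERROR sni: cannot be set manually when identity is set");
            if (sanCount > 0) findings.Add("ERROR subjectAltNames: cannot be set manually when identity is set");
            if (hasAuthConfig) findings.Add("ERROR authenticationConfig: cannot be set manually when identity is set");
        }
        if (sanCount > 5)
            findings.Add($"ERROR subjectAltNames: {sanCount} entries, limit is 5");
        if (hasSni && sanCount > 0)
            findings.Add("WARN sni: sent as the SNI hostname only; the certificate SAN is matched against subjectAltNames[]");
        if (!hasIdentity && !hasSni && sanCount == 0)
            findings.Add("WARN: neither sni nor subjectAltNames is set, so these settings name no SAN to match");
        return findings;
    }

    public static void Main()
    {
        // Constructed sample: identity combined with a manually set sni.
        var tls = new BackendServiceTlsSettings
        {
            Identity = "//example-pool.test/ns/prod/sa/lb-backend",
            Sni = "backend.internal.example",
        };
        foreach (var finding in Check(tls)) Console.WriteLine(finding);
    }
}
```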