Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add securitySettings to the backendService #5003

Merged
merged 4 commits into from
Aug 12, 2021
Merged

Add securitySettings to the backendService #5003

Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
249fadc
Add securitySettings to the backendService
sanjaypujare Jul 27, 2021
34236ba
add min_version: beta for the 2 properties
sanjaypujare Jul 30, 2021
29d8083
make ClientTlsPolicy a ResourceRef as per the review comment
sanjaypujare Aug 2, 2021
bae4416
address more review comments
sanjaypujare Aug 2, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
28 changes: 28 additions & 0 deletions mmv1/products/compute/api.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1672,6 +1672,34 @@ objects:
name: 'securityPolicy'
description: |
The security policy associated with this backend service.
- !ruby/object:Api::Type::NestedObject
name: 'securitySettings'
sanjaypujare marked this conversation as resolved.
Show resolved Hide resolved
min_version: beta
description: |
The security settings that apply to this backend service. This field is applicable to either
a regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2, and
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Note: you have only added this to global backend service- is that intentional?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, because we need support for global BES urgently (as requested by the user/customer). We can add support for regional BES later once there is need for it (and we confirm the feature works with those)

load_balancing_scheme set to INTERNAL_MANAGED; or a global backend service with the
load_balancing_scheme set to INTERNAL_SELF_MANAGED.
properties:
sanjaypujare marked this conversation as resolved.
Show resolved Hide resolved
- !ruby/object:Api::Type::ResourceRef
name: 'clientTlsPolicy'
resource: 'Region' # TODO: 'Region' is incorrect and should be 'ClientTlsPolicy'
imports: 'name'
min_version: beta
description: |
ClientTlsPolicy is a resource that specifies how a client should authenticate
connections to backends of a service. This resource itself does not affect
configuration unless it is attached to a backend service resource.
required: true
- !ruby/object:Api::Type::Array
name: 'subjectAltNames'
min_version: beta
description: |
A list of alternate names to verify the subject identity in the certificate.
If specified, the client will verify that the server certificate's subject
alt name matches one of the specified values.
required: true
item_type: Api::Type::String
- !ruby/object:Api::Type::Enum
name: 'sessionAffinity'
description: |
Expand Down