// Copyright 2022 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

syntax = "proto3";

package google.cloud.networksecurity.v1;

import "google/api/field_behavior.proto";

option csharp_namespace = "Google.Cloud.NetworkSecurity.V1";
option go_package = "cloud.google.com/go/networksecurity/apiv1/networksecuritypb;networksecuritypb";
option java_multiple_files = true;
option java_outer_classname = "TlsProto";
option java_package = "com.google.cloud.networksecurity.v1";
option php_namespace = "Google\\Cloud\\NetworkSecurity\\V1";
option ruby_package = "Google::Cloud::NetworkSecurity::V1";

// Specification of the gRPC endpoint from which TLS material is fetched.
// Referenced by both ValidationCA and CertificateProvider in this file.
message GrpcEndpoint {
  // NOTE(review): `string` carries no format constraint, so the "unix:" rule
  // below exists only as documentation in this schema. Whatever validates or
  // consumes this message has to reject other schemes itself - confirm where
  // that check lives. The REQUIRED annotation is likewise an API-level hint;
  // proto3 parsing accepts an empty value.

  // Required. The target URI of the gRPC endpoint. Only UDS path is
  // supported, and should start with "unix:".
  string target_uri = 1 [(google.api.field_behavior) = REQUIRED];
}

// Specification of ValidationCA. Defines the mechanism to obtain the
// Certificate Authority certificate to validate the peer certificate.
message ValidationCA {
  // NOTE(review): the oneof members are numbered 2 and 3; field number 1 is
  // not assigned in this message and no `reserved` statement is present. If 1
  // was used by an earlier revision, reserving it would prevent accidental
  // reuse - confirm against the file history.
  //
  // NOTE(review): neither member is annotated REQUIRED and a proto3 oneof may
  // be left unset, so a ValidationCA with no CA source is representable on
  // the wire. How consumers treat that case is not defined here; rejecting it
  // rather than skipping peer validation is the safe reading - confirm.

  // The type of certificate provider which provides the CA certificate.
  oneof type {
    // gRPC specific configuration to access the gRPC server to
    // obtain the CA certificate.
    GrpcEndpoint grpc_endpoint = 2;

    // The certificate provider instance specification that will be passed to
    // the data plane, which will be used to load necessary credential
    // information.
    CertificateProviderInstance certificate_provider_instance = 3;
  }
}

// Specification of a TLS certificate provider instance. Workloads may have one
// or more CertificateProvider instances (plugins) and one of them is enabled
// and configured by specifying this message. Workloads use the values from this
// message to locate and load the CertificateProvider instance configuration.
message CertificateProviderInstance {
  // NOTE(review): this is a free-form name that the workload resolves to a
  // plugin configuration. The schema does not restrict it to known values, so
  // an unrecognised name has to be handled by the consumer - presumably as an
  // error; confirm.

  // Required. Plugin instance name, used to locate and load
  // CertificateProvider instance configuration. Set to
  // "google_cloud_private_spiffe" to use Certificate Authority Service
  // certificate provider instance.
  string plugin_instance = 1 [(google.api.field_behavior) = REQUIRED];
}

// Specification of certificate provider. Defines the mechanism to obtain the
// certificate and private key for peer to peer authentication.
message CertificateProvider {
  // NOTE(review): as in ValidationCA, the members are numbered 2 and 3, field
  // number 1 is unassigned and not reserved, and the oneof may be left unset
  // on the wire - confirm history and consumer behavior.
  //
  // NOTE(review): the grpc_endpoint member delivers a private key through the
  // endpoint named in GrpcEndpoint.target_uri, which that message documents as
  // a Unix domain socket. Access control on the socket path is outside this
  // schema - verify it in the deployment.

  // The type of certificate provider which provides the certificates and
  // private keys.
  oneof type {
    // gRPC specific configuration to access the gRPC server to
    // obtain the cert and private key.
    GrpcEndpoint grpc_endpoint = 2;

    // The certificate provider instance specification that will be passed to
    // the data plane, which will be used to load necessary credential
    // information.
    CertificateProviderInstance certificate_provider_instance = 3;
  }
}