1// Copyright 2023 Google LLC
2//
3// Licensed under the Apache License, Version 2.0 (the "License");
4// you may not use this file except in compliance with the License.
5// You may obtain a copy of the License at
6//
7//     http://www.apache.org/licenses/LICENSE-2.0
8//
9// Unless required by applicable law or agreed to in writing, software
10// distributed under the License is distributed on an "AS IS" BASIS,
11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12// See the License for the specific language governing permissions and
13// limitations under the License.
14
15syntax = "proto3";
16
17package google.cloud.networkservices.v1beta1;
18
19import "google/api/field_behavior.proto";
20import "google/api/resource.proto";
21import "google/cloud/networkservices/v1beta1/common.proto";
22import "google/protobuf/field_mask.proto";
23import "google/protobuf/timestamp.proto";
24
25option csharp_namespace = "Google.Cloud.NetworkServices.V1Beta1";
26option go_package = "cloud.google.com/go/networkservices/apiv1beta1/networkservicespb;networkservicespb";
27option java_multiple_files = true;
28option java_outer_classname = "EndpointPolicyProto";
29option java_package = "com.google.cloud.networkservices.v1beta1";
30option php_namespace = "Google\\Cloud\\NetworkServices\\V1beta1";
31option ruby_package = "Google::Cloud::NetworkServices::V1beta1";
32option (google.api.resource_definition) = {  // referenced by EndpointPolicy.authorization_policy
33  type: "networksecurity.googleapis.com/AuthorizationPolicy"
34  pattern: "projects/{project}/locations/{location}/authorizationPolicies/{authorization_policy}"
35};
36option (google.api.resource_definition) = {  // referenced by EndpointPolicy.server_tls_policy
37  type: "networksecurity.googleapis.com/ServerTlsPolicy"
38  pattern: "projects/{project}/locations/{location}/serverTlsPolicies/{server_tls_policy}"
39};
40option (google.api.resource_definition) = {  // referenced by EndpointPolicy.client_tls_policy
41  type: "networksecurity.googleapis.com/ClientTlsPolicy"
42  pattern: "projects/{project}/locations/{location}/clientTlsPolicies/{client_tls_policy}"
43};
44
45// EndpointPolicy is a resource that helps apply desired configuration on the
46// endpoints that match specific criteria. For example, it can be used to apply
47// "authentication config" on all endpoints that serve on port 8080. Security
48// checks are opt-in: an unset authorization or TLS policy field disables them.
49message EndpointPolicy {
50  option (google.api.resource) = {
51    type: "networkservices.googleapis.com/EndpointPolicy"
52    pattern: "projects/{project}/locations/{location}/endpointPolicies/{endpoint_policy}"
53  };
54
55  // The type of endpoint policy.
56  enum EndpointPolicyType {
57    // Default value. Must not be used.
58    ENDPOINT_POLICY_TYPE_UNSPECIFIED = 0;
59
60    // Represents a proxy deployed as a sidecar.
61    SIDECAR_PROXY = 1;
62
63    // Represents a proxyless gRPC backend.
64    GRPC_SERVER = 2;
65  }
66
67  // Required. Name of the EndpointPolicy resource. It matches pattern
68  // `projects/{project}/locations/global/endpointPolicies/{endpoint_policy}`.
69  string name = 1 [(google.api.field_behavior) = REQUIRED];
70
71  // Output only. The timestamp when the resource was created.
72  google.protobuf.Timestamp create_time = 2
73      [(google.api.field_behavior) = OUTPUT_ONLY];
74
75  // Output only. The timestamp when the resource was updated.
76  google.protobuf.Timestamp update_time = 3
77      [(google.api.field_behavior) = OUTPUT_ONLY];
78
79  // Optional. Set of label tags associated with the EndpointPolicy resource.
80  map<string, string> labels = 4 [(google.api.field_behavior) = OPTIONAL];
81
82  // Required. The type of endpoint policy. This is primarily used to validate
83  // the configuration.
84  EndpointPolicyType type = 5 [(google.api.field_behavior) = REQUIRED];
85
86  // Optional. This field specifies the URL of AuthorizationPolicy resource that
87  // applies authorization policies to the inbound traffic at the
88  // matched endpoints. Refer to Authorization. If this field is not
89  // specified, authorization is disabled (no authz checks) for this
90  // endpoint, i.e. the default is fail-open; audit policies that omit it.
91  string authorization_policy = 7 [
92    (google.api.field_behavior) = OPTIONAL,
93    (google.api.resource_reference) = {
94      type: "networksecurity.googleapis.com/AuthorizationPolicy"
95    }
96  ];
97
98  // Required. A matcher that selects endpoints to which the policies should be
99  // applied.
100  EndpointMatcher endpoint_matcher = 9 [(google.api.field_behavior) = REQUIRED];
101
102  // Optional. Port selector for the (matched) endpoints. If no port selector is
103  // provided, the matched config is applied to all ports.
104  TrafficPortSelector traffic_port_selector = 10
105      [(google.api.field_behavior) = OPTIONAL];
106
107  // Optional. A free-text description of the resource. Max length 1024
108  // characters.
109  string description = 11 [(google.api.field_behavior) = OPTIONAL];
110
111  // Optional. A URL referring to a ServerTlsPolicy resource. ServerTlsPolicy is
112  // used to determine the authentication policy to be applied to terminate the
113  // inbound traffic at the identified backends. If this field is not set,
114  // authentication is disabled (open) for this endpoint (fail-open default).
115  string server_tls_policy = 12 [
116    (google.api.field_behavior) = OPTIONAL,
117    (google.api.resource_reference) = {
118      type: "networksecurity.googleapis.com/ServerTlsPolicy"
119    }
120  ];
121
122  // Optional. A URL referring to a ClientTlsPolicy resource. ClientTlsPolicy
123  // can be set to specify the authentication for traffic from the proxy to the
124  // actual endpoints. More specifically, it is applied to the outgoing traffic
125  // from the proxy to the endpoint. This is typically used for the sidecar model
126  // where the proxy identifies itself as endpoint to the control plane, with
127  // the connection between sidecar and endpoint requiring authentication. If
128  // this field is not set, authentication is disabled (open). Applicable only
129  // when EndpointPolicyType is SIDECAR_PROXY.
130  string client_tls_policy = 13 [
131    (google.api.field_behavior) = OPTIONAL,
132    (google.api.resource_reference) = {
133      type: "networksecurity.googleapis.com/ClientTlsPolicy"
134    }
135  ];
136}
137
138// Request used with the ListEndpointPolicies method.
139message ListEndpointPoliciesRequest {
140  // Required. The project and location from which the EndpointPolicies should
141  // be listed, specified in the format `projects/*/locations/global`.
142  string parent = 1 [
143    (google.api.field_behavior) = REQUIRED,
144    (google.api.resource_reference) = {
145      child_type: "networkservices.googleapis.com/EndpointPolicy"
146    }
147  ];
148
149  // Maximum number of EndpointPolicies to return per call.
150  int32 page_size = 2;
151
152  // The value returned by the last `ListEndpointPoliciesResponse`.
153  // Indicates that this is a continuation of a prior
154  // `ListEndpointPolicies` call, and that the system should return the
155  // next page of data.
156  string page_token = 3;
157}
158
159// Response returned by the ListEndpointPolicies method.
160message ListEndpointPoliciesResponse {
161  // List of EndpointPolicy resources in this page of results.
162  repeated EndpointPolicy endpoint_policies = 1;
163
164  // If there might be more results than those appearing in this response, then
165  // `next_page_token` is included. To get the next set of results, call this
166  // method again using the value of `next_page_token` as `page_token`.
167  string next_page_token = 2;
168}
169
170// Request used with the GetEndpointPolicy method.
171message GetEndpointPolicyRequest {
172  // Required. The name of the EndpointPolicy to get. Must be in the format
173  // `projects/*/locations/global/endpointPolicies/*`.
174  string name = 1 [
175    (google.api.field_behavior) = REQUIRED,
176    (google.api.resource_reference) = {
177      type: "networkservices.googleapis.com/EndpointPolicy"
178    }
179  ];
180}
181
182// Request used with the CreateEndpointPolicy method.
183message CreateEndpointPolicyRequest {
184  // Required. The parent resource of the EndpointPolicy. Must be in the
185  // format `projects/*/locations/global`.
186  string parent = 1 [
187    (google.api.field_behavior) = REQUIRED,
188    (google.api.resource_reference) = {
189      child_type: "networkservices.googleapis.com/EndpointPolicy"
190    }
191  ];
192
193  // Required. Short name of the EndpointPolicy resource to be created.
194  // E.g. "CustomECS".
195  string endpoint_policy_id = 2 [(google.api.field_behavior) = REQUIRED];
196
197  // Required. EndpointPolicy to create; omitted authz/TLS policy fields stay disabled.
198  EndpointPolicy endpoint_policy = 3 [(google.api.field_behavior) = REQUIRED];
199}
200
201// Request used with the UpdateEndpointPolicy method.
202message UpdateEndpointPolicyRequest {
203  // Optional. Field mask is used to specify the fields to be overwritten in the
204  // EndpointPolicy resource by the update. Paths are relative to the resource,
205  // not the full request. A field will be overwritten if it is in the mask. If
206  // the user does not provide a mask then all fields will be overwritten.
207  // NOTE(review): a mask-less update presumably clears omitted authz/TLS fields.
208  google.protobuf.FieldMask update_mask = 1
209      [(google.api.field_behavior) = OPTIONAL];
210
211  // Required. Updated EndpointPolicy resource.
212  EndpointPolicy endpoint_policy = 2 [(google.api.field_behavior) = REQUIRED];
213}
214
215// Request used with the DeleteEndpointPolicy method.
216message DeleteEndpointPolicyRequest {
217  // Required. The name of the EndpointPolicy to delete. Must be in the format
218  // `projects/*/locations/global/endpointPolicies/*`.
219  string name = 1 [
220    (google.api.field_behavior) = REQUIRED,
221    (google.api.resource_reference) = {
222      type: "networkservices.googleapis.com/EndpointPolicy"
223    }
224  ];
225}
226