1. Packages
  2. Google Cloud Native
  3. API Docs
  4. networksecurity
  5. networksecurity/v1
  6. TlsInspectionPolicy

Google Cloud Native is in preview. Google Cloud Classic is fully supported.

Google Cloud Native v0.32.0 published on Wednesday, Nov 29, 2023 by Pulumi

google-native.networksecurity/v1.TlsInspectionPolicy

Explore with Pulumi AI

google-native logo

Google Cloud Native is in preview. Google Cloud Classic is fully supported.

Google Cloud Native v0.32.0 published on Wednesday, Nov 29, 2023 by Pulumi

    Creates a new TlsInspectionPolicy in a given project and location.

    Create TlsInspectionPolicy Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new TlsInspectionPolicy(name: string, args: TlsInspectionPolicyArgs, opts?: CustomResourceOptions);
    @overload
    def TlsInspectionPolicy(resource_name: str,
                            args: TlsInspectionPolicyArgs,
                            opts: Optional[ResourceOptions] = None)
    
    @overload
    def TlsInspectionPolicy(resource_name: str,
                            opts: Optional[ResourceOptions] = None,
                            ca_pool: Optional[str] = None,
                            tls_inspection_policy_id: Optional[str] = None,
                            custom_tls_features: Optional[Sequence[str]] = None,
                            description: Optional[str] = None,
                            exclude_public_ca_set: Optional[bool] = None,
                            location: Optional[str] = None,
                            min_tls_version: Optional[TlsInspectionPolicyMinTlsVersion] = None,
                            name: Optional[str] = None,
                            project: Optional[str] = None,
                            tls_feature_profile: Optional[TlsInspectionPolicyTlsFeatureProfile] = None,
                            trust_config: Optional[str] = None)
    func NewTlsInspectionPolicy(ctx *Context, name string, args TlsInspectionPolicyArgs, opts ...ResourceOption) (*TlsInspectionPolicy, error)
    public TlsInspectionPolicy(string name, TlsInspectionPolicyArgs args, CustomResourceOptions? opts = null)
    public TlsInspectionPolicy(String name, TlsInspectionPolicyArgs args)
    public TlsInspectionPolicy(String name, TlsInspectionPolicyArgs args, CustomResourceOptions options)
    
    type: google-native:networksecurity/v1:TlsInspectionPolicy
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args TlsInspectionPolicyArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args TlsInspectionPolicyArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args TlsInspectionPolicyArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args TlsInspectionPolicyArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args TlsInspectionPolicyArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var tlsInspectionPolicyResource = new GoogleNative.NetworkSecurity.V1.TlsInspectionPolicy("tlsInspectionPolicyResource", new()
    {
        CaPool = "string",
        TlsInspectionPolicyId = "string",
        CustomTlsFeatures = new[]
        {
            "string",
        },
        Description = "string",
        ExcludePublicCaSet = false,
        Location = "string",
        MinTlsVersion = GoogleNative.NetworkSecurity.V1.TlsInspectionPolicyMinTlsVersion.TlsVersionUnspecified,
        Name = "string",
        Project = "string",
        TlsFeatureProfile = GoogleNative.NetworkSecurity.V1.TlsInspectionPolicyTlsFeatureProfile.ProfileUnspecified,
        TrustConfig = "string",
    });
    
    example, err := networksecurity.NewTlsInspectionPolicy(ctx, "tlsInspectionPolicyResource", &networksecurity.TlsInspectionPolicyArgs{
    CaPool: pulumi.String("string"),
    TlsInspectionPolicyId: pulumi.String("string"),
    CustomTlsFeatures: pulumi.StringArray{
    pulumi.String("string"),
    },
    Description: pulumi.String("string"),
    ExcludePublicCaSet: pulumi.Bool(false),
    Location: pulumi.String("string"),
    MinTlsVersion: networksecurity.TlsInspectionPolicyMinTlsVersionTlsVersionUnspecified,
    Name: pulumi.String("string"),
    Project: pulumi.String("string"),
    TlsFeatureProfile: networksecurity.TlsInspectionPolicyTlsFeatureProfileProfileUnspecified,
    TrustConfig: pulumi.String("string"),
    })
    
    var tlsInspectionPolicyResource = new TlsInspectionPolicy("tlsInspectionPolicyResource", TlsInspectionPolicyArgs.builder()
        .caPool("string")
        .tlsInspectionPolicyId("string")
        .customTlsFeatures("string")
        .description("string")
        .excludePublicCaSet(false)
        .location("string")
        .minTlsVersion("TLS_VERSION_UNSPECIFIED")
        .name("string")
        .project("string")
        .tlsFeatureProfile("PROFILE_UNSPECIFIED")
        .trustConfig("string")
        .build());
    
    tls_inspection_policy_resource = google_native.networksecurity.v1.TlsInspectionPolicy("tlsInspectionPolicyResource",
        ca_pool="string",
        tls_inspection_policy_id="string",
        custom_tls_features=["string"],
        description="string",
        exclude_public_ca_set=False,
        location="string",
        min_tls_version=google_native.networksecurity.v1.TlsInspectionPolicyMinTlsVersion.TLS_VERSION_UNSPECIFIED,
        name="string",
        project="string",
        tls_feature_profile=google_native.networksecurity.v1.TlsInspectionPolicyTlsFeatureProfile.PROFILE_UNSPECIFIED,
        trust_config="string")
    
    const tlsInspectionPolicyResource = new google_native.networksecurity.v1.TlsInspectionPolicy("tlsInspectionPolicyResource", {
        caPool: "string",
        tlsInspectionPolicyId: "string",
        customTlsFeatures: ["string"],
        description: "string",
        excludePublicCaSet: false,
        location: "string",
        minTlsVersion: google_native.networksecurity.v1.TlsInspectionPolicyMinTlsVersion.TlsVersionUnspecified,
        name: "string",
        project: "string",
        tlsFeatureProfile: google_native.networksecurity.v1.TlsInspectionPolicyTlsFeatureProfile.ProfileUnspecified,
        trustConfig: "string",
    });
    
    type: google-native:networksecurity/v1:TlsInspectionPolicy
    properties:
        caPool: string
        customTlsFeatures:
            - string
        description: string
        excludePublicCaSet: false
        location: string
        minTlsVersion: TLS_VERSION_UNSPECIFIED
        name: string
        project: string
        tlsFeatureProfile: PROFILE_UNSPECIFIED
        tlsInspectionPolicyId: string
        trustConfig: string
    

    TlsInspectionPolicy Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The TlsInspectionPolicy resource accepts the following input properties:

    CaPool string
    A CA pool resource used to issue interception certificates. The CA pool string has a relative resource path following the form "projects/{project}/locations/{location}/caPools/{ca_pool}".
    TlsInspectionPolicyId string
    Required. Short name of the TlsInspectionPolicy resource to be created. This value should be 1-63 characters long, containing only letters, numbers, hyphens, and underscores, and should not start with a number. E.g. "tls_inspection_policy1".
    CustomTlsFeatures List<string>
    Optional. List of custom TLS cipher suites selected. This field is valid only if the selected tls_feature_profile is CUSTOM. The compute.SslPoliciesService.ListAvailableFeatures method returns the set of features that can be specified in this list. Note that Secure Web Proxy does not yet honor this field.
    Description string
    Optional. Free-text description of the resource.
    ExcludePublicCaSet bool
    Optional. If FALSE (the default), use our default set of public CAs in addition to any CAs specified in trust_config. These public CAs are currently based on the Mozilla Root Program and are subject to change over time. If TRUE, do not accept our default set of public CAs. Only CAs specified in trust_config will be accepted. This defaults to FALSE (use public CAs in addition to trust_config) for backwards compatibility, but trusting public root CAs is not recommended unless the traffic in question is outbound to public web servers. When possible, prefer setting this to "false" and explicitly specifying trusted CAs and certificates in a TrustConfig. Note that Secure Web Proxy does not yet honor this field.
    Location string
    MinTlsVersion Pulumi.GoogleNative.NetworkSecurity.V1.TlsInspectionPolicyMinTlsVersion
    Optional. Minimum TLS version that the firewall should use when negotiating connections with both clients and servers. If this is not set, then the default value is to allow the broadest set of clients and servers (TLS 1.0 or higher). Setting this to more restrictive values may improve security, but may also prevent the firewall from connecting to some clients or servers. Note that Secure Web Proxy does not yet honor this field.
    Name string
    Name of the resource. Name is of the form projects/{project}/locations/{location}/tlsInspectionPolicies/{tls_inspection_policy} tls_inspection_policy should match the pattern:(^a-z?$).
    Project string
    TlsFeatureProfile Pulumi.GoogleNative.NetworkSecurity.V1.TlsInspectionPolicyTlsFeatureProfile
    Optional. The selected Profile. If this is not set, then the default value is to allow the broadest set of clients and servers ("PROFILE_COMPATIBLE"). Setting this to more restrictive values may improve security, but may also prevent the TLS inspection proxy from connecting to some clients or servers. Note that Secure Web Proxy does not yet honor this field.
    TrustConfig string
    Optional. A TrustConfig resource used when making a connection to the TLS server. This is a relative resource path following the form "projects/{project}/locations/{location}/trustConfigs/{trust_config}". This is necessary to intercept TLS connections to servers with certificates signed by a private CA or self-signed certificates. Note that Secure Web Proxy does not yet honor this field.
    CaPool string
    A CA pool resource used to issue interception certificates. The CA pool string has a relative resource path following the form "projects/{project}/locations/{location}/caPools/{ca_pool}".
    TlsInspectionPolicyId string
    Required. Short name of the TlsInspectionPolicy resource to be created. This value should be 1-63 characters long, containing only letters, numbers, hyphens, and underscores, and should not start with a number. E.g. "tls_inspection_policy1".
    CustomTlsFeatures []string
    Optional. List of custom TLS cipher suites selected. This field is valid only if the selected tls_feature_profile is CUSTOM. The compute.SslPoliciesService.ListAvailableFeatures method returns the set of features that can be specified in this list. Note that Secure Web Proxy does not yet honor this field.
    Description string
    Optional. Free-text description of the resource.
    ExcludePublicCaSet bool
    Optional. If FALSE (the default), use our default set of public CAs in addition to any CAs specified in trust_config. These public CAs are currently based on the Mozilla Root Program and are subject to change over time. If TRUE, do not accept our default set of public CAs. Only CAs specified in trust_config will be accepted. This defaults to FALSE (use public CAs in addition to trust_config) for backwards compatibility, but trusting public root CAs is not recommended unless the traffic in question is outbound to public web servers. When possible, prefer setting this to "false" and explicitly specifying trusted CAs and certificates in a TrustConfig. Note that Secure Web Proxy does not yet honor this field.
    Location string
    MinTlsVersion TlsInspectionPolicyMinTlsVersion
    Optional. Minimum TLS version that the firewall should use when negotiating connections with both clients and servers. If this is not set, then the default value is to allow the broadest set of clients and servers (TLS 1.0 or higher). Setting this to more restrictive values may improve security, but may also prevent the firewall from connecting to some clients or servers. Note that Secure Web Proxy does not yet honor this field.
    Name string
    Name of the resource. Name is of the form projects/{project}/locations/{location}/tlsInspectionPolicies/{tls_inspection_policy} tls_inspection_policy should match the pattern:(^a-z?$).
    Project string
    TlsFeatureProfile TlsInspectionPolicyTlsFeatureProfile
    Optional. The selected Profile. If this is not set, then the default value is to allow the broadest set of clients and servers ("PROFILE_COMPATIBLE"). Setting this to more restrictive values may improve security, but may also prevent the TLS inspection proxy from connecting to some clients or servers. Note that Secure Web Proxy does not yet honor this field.
    TrustConfig string
    Optional. A TrustConfig resource used when making a connection to the TLS server. This is a relative resource path following the form "projects/{project}/locations/{location}/trustConfigs/{trust_config}". This is necessary to intercept TLS connections to servers with certificates signed by a private CA or self-signed certificates. Note that Secure Web Proxy does not yet honor this field.
    caPool String
    A CA pool resource used to issue interception certificates. The CA pool string has a relative resource path following the form "projects/{project}/locations/{location}/caPools/{ca_pool}".
    tlsInspectionPolicyId String
    Required. Short name of the TlsInspectionPolicy resource to be created. This value should be 1-63 characters long, containing only letters, numbers, hyphens, and underscores, and should not start with a number. E.g. "tls_inspection_policy1".
    customTlsFeatures List<String>
    Optional. List of custom TLS cipher suites selected. This field is valid only if the selected tls_feature_profile is CUSTOM. The compute.SslPoliciesService.ListAvailableFeatures method returns the set of features that can be specified in this list. Note that Secure Web Proxy does not yet honor this field.
    description String
    Optional. Free-text description of the resource.
    excludePublicCaSet Boolean
    Optional. If FALSE (the default), use our default set of public CAs in addition to any CAs specified in trust_config. These public CAs are currently based on the Mozilla Root Program and are subject to change over time. If TRUE, do not accept our default set of public CAs. Only CAs specified in trust_config will be accepted. This defaults to FALSE (use public CAs in addition to trust_config) for backwards compatibility, but trusting public root CAs is not recommended unless the traffic in question is outbound to public web servers. When possible, prefer setting this to "false" and explicitly specifying trusted CAs and certificates in a TrustConfig. Note that Secure Web Proxy does not yet honor this field.
    location String
    minTlsVersion TlsInspectionPolicyMinTlsVersion
    Optional. Minimum TLS version that the firewall should use when negotiating connections with both clients and servers. If this is not set, then the default value is to allow the broadest set of clients and servers (TLS 1.0 or higher). Setting this to more restrictive values may improve security, but may also prevent the firewall from connecting to some clients or servers. Note that Secure Web Proxy does not yet honor this field.
    name String
    Name of the resource. Name is of the form projects/{project}/locations/{location}/tlsInspectionPolicies/{tls_inspection_policy} tls_inspection_policy should match the pattern:(^a-z?$).
    project String
    tlsFeatureProfile TlsInspectionPolicyTlsFeatureProfile
    Optional. The selected Profile. If this is not set, then the default value is to allow the broadest set of clients and servers ("PROFILE_COMPATIBLE"). Setting this to more restrictive values may improve security, but may also prevent the TLS inspection proxy from connecting to some clients or servers. Note that Secure Web Proxy does not yet honor this field.
    trustConfig String
    Optional. A TrustConfig resource used when making a connection to the TLS server. This is a relative resource path following the form "projects/{project}/locations/{location}/trustConfigs/{trust_config}". This is necessary to intercept TLS connections to servers with certificates signed by a private CA or self-signed certificates. Note that Secure Web Proxy does not yet honor this field.
    caPool string
    A CA pool resource used to issue interception certificates. The CA pool string has a relative resource path following the form "projects/{project}/locations/{location}/caPools/{ca_pool}".
    tlsInspectionPolicyId string
    Required. Short name of the TlsInspectionPolicy resource to be created. This value should be 1-63 characters long, containing only letters, numbers, hyphens, and underscores, and should not start with a number. E.g. "tls_inspection_policy1".
    customTlsFeatures string[]
    Optional. List of custom TLS cipher suites selected. This field is valid only if the selected tls_feature_profile is CUSTOM. The compute.SslPoliciesService.ListAvailableFeatures method returns the set of features that can be specified in this list. Note that Secure Web Proxy does not yet honor this field.
    description string
    Optional. Free-text description of the resource.
    excludePublicCaSet boolean
    Optional. If FALSE (the default), use our default set of public CAs in addition to any CAs specified in trust_config. These public CAs are currently based on the Mozilla Root Program and are subject to change over time. If TRUE, do not accept our default set of public CAs. Only CAs specified in trust_config will be accepted. This defaults to FALSE (use public CAs in addition to trust_config) for backwards compatibility, but trusting public root CAs is not recommended unless the traffic in question is outbound to public web servers. When possible, prefer setting this to "false" and explicitly specifying trusted CAs and certificates in a TrustConfig. Note that Secure Web Proxy does not yet honor this field.
    location string
    minTlsVersion TlsInspectionPolicyMinTlsVersion
    Optional. Minimum TLS version that the firewall should use when negotiating connections with both clients and servers. If this is not set, then the default value is to allow the broadest set of clients and servers (TLS 1.0 or higher). Setting this to more restrictive values may improve security, but may also prevent the firewall from connecting to some clients or servers. Note that Secure Web Proxy does not yet honor this field.
    name string
    Name of the resource. Name is of the form projects/{project}/locations/{location}/tlsInspectionPolicies/{tls_inspection_policy} tls_inspection_policy should match the pattern:(^a-z?$).
    project string
    tlsFeatureProfile TlsInspectionPolicyTlsFeatureProfile
    Optional. The selected Profile. If this is not set, then the default value is to allow the broadest set of clients and servers ("PROFILE_COMPATIBLE"). Setting this to more restrictive values may improve security, but may also prevent the TLS inspection proxy from connecting to some clients or servers. Note that Secure Web Proxy does not yet honor this field.
    trustConfig string
    Optional. A TrustConfig resource used when making a connection to the TLS server. This is a relative resource path following the form "projects/{project}/locations/{location}/trustConfigs/{trust_config}". This is necessary to intercept TLS connections to servers with certificates signed by a private CA or self-signed certificates. Note that Secure Web Proxy does not yet honor this field.
    ca_pool str
    A CA pool resource used to issue interception certificates. The CA pool string has a relative resource path following the form "projects/{project}/locations/{location}/caPools/{ca_pool}".
    tls_inspection_policy_id str
    Required. Short name of the TlsInspectionPolicy resource to be created. This value should be 1-63 characters long, containing only letters, numbers, hyphens, and underscores, and should not start with a number. E.g. "tls_inspection_policy1".
    custom_tls_features Sequence[str]
    Optional. List of custom TLS cipher suites selected. This field is valid only if the selected tls_feature_profile is CUSTOM. The compute.SslPoliciesService.ListAvailableFeatures method returns the set of features that can be specified in this list. Note that Secure Web Proxy does not yet honor this field.
    description str
    Optional. Free-text description of the resource.
    exclude_public_ca_set bool
    Optional. If FALSE (the default), use our default set of public CAs in addition to any CAs specified in trust_config. These public CAs are currently based on the Mozilla Root Program and are subject to change over time. If TRUE, do not accept our default set of public CAs. Only CAs specified in trust_config will be accepted. This defaults to FALSE (use public CAs in addition to trust_config) for backwards compatibility, but trusting public root CAs is not recommended unless the traffic in question is outbound to public web servers. When possible, prefer setting this to "false" and explicitly specifying trusted CAs and certificates in a TrustConfig. Note that Secure Web Proxy does not yet honor this field.
    location str
    min_tls_version TlsInspectionPolicyMinTlsVersion
    Optional. Minimum TLS version that the firewall should use when negotiating connections with both clients and servers. If this is not set, then the default value is to allow the broadest set of clients and servers (TLS 1.0 or higher). Setting this to more restrictive values may improve security, but may also prevent the firewall from connecting to some clients or servers. Note that Secure Web Proxy does not yet honor this field.
    name str
    Name of the resource. Name is of the form projects/{project}/locations/{location}/tlsInspectionPolicies/{tls_inspection_policy} tls_inspection_policy should match the pattern:(^a-z?$).
    project str
    tls_feature_profile TlsInspectionPolicyTlsFeatureProfile
    Optional. The selected Profile. If this is not set, then the default value is to allow the broadest set of clients and servers ("PROFILE_COMPATIBLE"). Setting this to more restrictive values may improve security, but may also prevent the TLS inspection proxy from connecting to some clients or servers. Note that Secure Web Proxy does not yet honor this field.
    trust_config str
    Optional. A TrustConfig resource used when making a connection to the TLS server. This is a relative resource path following the form "projects/{project}/locations/{location}/trustConfigs/{trust_config}". This is necessary to intercept TLS connections to servers with certificates signed by a private CA or self-signed certificates. Note that Secure Web Proxy does not yet honor this field.
    caPool String
    A CA pool resource used to issue interception certificates. The CA pool string has a relative resource path following the form "projects/{project}/locations/{location}/caPools/{ca_pool}".
    tlsInspectionPolicyId String
    Required. Short name of the TlsInspectionPolicy resource to be created. This value should be 1-63 characters long, containing only letters, numbers, hyphens, and underscores, and should not start with a number. E.g. "tls_inspection_policy1".
    customTlsFeatures List<String>
    Optional. List of custom TLS cipher suites selected. This field is valid only if the selected tls_feature_profile is CUSTOM. The compute.SslPoliciesService.ListAvailableFeatures method returns the set of features that can be specified in this list. Note that Secure Web Proxy does not yet honor this field.
    description String
    Optional. Free-text description of the resource.
    excludePublicCaSet Boolean
    Optional. If FALSE (the default), use our default set of public CAs in addition to any CAs specified in trust_config. These public CAs are currently based on the Mozilla Root Program and are subject to change over time. If TRUE, do not accept our default set of public CAs. Only CAs specified in trust_config will be accepted. This defaults to FALSE (use public CAs in addition to trust_config) for backwards compatibility, but trusting public root CAs is not recommended unless the traffic in question is outbound to public web servers. When possible, prefer setting this to "false" and explicitly specifying trusted CAs and certificates in a TrustConfig. Note that Secure Web Proxy does not yet honor this field.
    location String
    minTlsVersion "TLS_VERSION_UNSPECIFIED" | "TLS_1_0" | "TLS_1_1" | "TLS_1_2" | "TLS_1_3"
    Optional. Minimum TLS version that the firewall should use when negotiating connections with both clients and servers. If this is not set, then the default value is to allow the broadest set of clients and servers (TLS 1.0 or higher). Setting this to more restrictive values may improve security, but may also prevent the firewall from connecting to some clients or servers. Note that Secure Web Proxy does not yet honor this field.
    name String
    Name of the resource. Name is of the form projects/{project}/locations/{location}/tlsInspectionPolicies/{tls_inspection_policy} tls_inspection_policy should match the pattern:(^a-z?$).
    project String
    tlsFeatureProfile "PROFILE_UNSPECIFIED" | "PROFILE_COMPATIBLE" | "PROFILE_MODERN" | "PROFILE_RESTRICTED" | "PROFILE_CUSTOM"
    Optional. The selected Profile. If this is not set, then the default value is to allow the broadest set of clients and servers ("PROFILE_COMPATIBLE"). Setting this to more restrictive values may improve security, but may also prevent the TLS inspection proxy from connecting to some clients or servers. Note that Secure Web Proxy does not yet honor this field.
    trustConfig String
    Optional. A TrustConfig resource used when making a connection to the TLS server. This is a relative resource path following the form "projects/{project}/locations/{location}/trustConfigs/{trust_config}". This is necessary to intercept TLS connections to servers with certificates signed by a private CA or self-signed certificates. Note that Secure Web Proxy does not yet honor this field.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the TlsInspectionPolicy resource produces the following output properties:

    CreateTime string
    The timestamp when the resource was created.
    Id string
    The provider-assigned unique ID for this managed resource.
    UpdateTime string
    The timestamp when the resource was updated.
    CreateTime string
    The timestamp when the resource was created.
    Id string
    The provider-assigned unique ID for this managed resource.
    UpdateTime string
    The timestamp when the resource was updated.
    createTime String
    The timestamp when the resource was created.
    id String
    The provider-assigned unique ID for this managed resource.
    updateTime String
    The timestamp when the resource was updated.
    createTime string
    The timestamp when the resource was created.
    id string
    The provider-assigned unique ID for this managed resource.
    updateTime string
    The timestamp when the resource was updated.
    create_time str
    The timestamp when the resource was created.
    id str
    The provider-assigned unique ID for this managed resource.
    update_time str
    The timestamp when the resource was updated.
    createTime String
    The timestamp when the resource was created.
    id String
    The provider-assigned unique ID for this managed resource.
    updateTime String
    The timestamp when the resource was updated.

    Supporting Types

    TlsInspectionPolicyMinTlsVersion, TlsInspectionPolicyMinTlsVersionArgs

    TlsVersionUnspecified
    TLS_VERSION_UNSPECIFIEDIndicates no TLS version was specified.
    Tls10
    TLS_1_0TLS 1.0
    Tls11
    TLS_1_1TLS 1.1
    Tls12
    TLS_1_2TLS 1.2
    Tls13
    TLS_1_3TLS 1.3
    TlsInspectionPolicyMinTlsVersionTlsVersionUnspecified
    TLS_VERSION_UNSPECIFIEDIndicates no TLS version was specified.
    TlsInspectionPolicyMinTlsVersionTls10
    TLS_1_0TLS 1.0
    TlsInspectionPolicyMinTlsVersionTls11
    TLS_1_1TLS 1.1
    TlsInspectionPolicyMinTlsVersionTls12
    TLS_1_2TLS 1.2
    TlsInspectionPolicyMinTlsVersionTls13
    TLS_1_3TLS 1.3
    TlsVersionUnspecified
    TLS_VERSION_UNSPECIFIEDIndicates no TLS version was specified.
    Tls10
    TLS_1_0TLS 1.0
    Tls11
    TLS_1_1TLS 1.1
    Tls12
    TLS_1_2TLS 1.2
    Tls13
    TLS_1_3TLS 1.3
    TlsVersionUnspecified
    TLS_VERSION_UNSPECIFIEDIndicates no TLS version was specified.
    Tls10
    TLS_1_0TLS 1.0
    Tls11
    TLS_1_1TLS 1.1
    Tls12
    TLS_1_2TLS 1.2
    Tls13
    TLS_1_3TLS 1.3
    TLS_VERSION_UNSPECIFIED
    TLS_VERSION_UNSPECIFIEDIndicates no TLS version was specified.
    TLS10
    TLS_1_0TLS 1.0
    TLS11
    TLS_1_1TLS 1.1
    TLS12
    TLS_1_2TLS 1.2
    TLS13
    TLS_1_3TLS 1.3
    "TLS_VERSION_UNSPECIFIED"
    TLS_VERSION_UNSPECIFIEDIndicates no TLS version was specified.
    "TLS_1_0"
    TLS_1_0TLS 1.0
    "TLS_1_1"
    TLS_1_1TLS 1.1
    "TLS_1_2"
    TLS_1_2TLS 1.2
    "TLS_1_3"
    TLS_1_3TLS 1.3

    TlsInspectionPolicyTlsFeatureProfile, TlsInspectionPolicyTlsFeatureProfileArgs

    ProfileUnspecified
    PROFILE_UNSPECIFIEDIndicates no profile was specified.
    ProfileCompatible
    PROFILE_COMPATIBLECompatible profile. Allows the broadest set of clients, even those which support only out-of-date SSL features to negotiate with the TLS inspection proxy.
    ProfileModern
    PROFILE_MODERNModern profile. Supports a wide set of SSL features, allowing modern clients to negotiate SSL with the TLS inspection proxy.
    ProfileRestricted
    PROFILE_RESTRICTEDRestricted profile. Supports a reduced set of SSL features, intended to meet stricter compliance requirements.
    ProfileCustom
    PROFILE_CUSTOMCustom profile. Allow only the set of allowed SSL features specified in the custom_features field of SslPolicy.
    TlsInspectionPolicyTlsFeatureProfileProfileUnspecified
    PROFILE_UNSPECIFIEDIndicates no profile was specified.
    TlsInspectionPolicyTlsFeatureProfileProfileCompatible
    PROFILE_COMPATIBLECompatible profile. Allows the broadest set of clients, even those which support only out-of-date SSL features to negotiate with the TLS inspection proxy.
    TlsInspectionPolicyTlsFeatureProfileProfileModern
    PROFILE_MODERNModern profile. Supports a wide set of SSL features, allowing modern clients to negotiate SSL with the TLS inspection proxy.
    TlsInspectionPolicyTlsFeatureProfileProfileRestricted
    PROFILE_RESTRICTEDRestricted profile. Supports a reduced set of SSL features, intended to meet stricter compliance requirements.
    TlsInspectionPolicyTlsFeatureProfileProfileCustom
    PROFILE_CUSTOMCustom profile. Allow only the set of allowed SSL features specified in the custom_features field of SslPolicy.
    ProfileUnspecified
    PROFILE_UNSPECIFIEDIndicates no profile was specified.
    ProfileCompatible
    PROFILE_COMPATIBLECompatible profile. Allows the broadest set of clients, even those which support only out-of-date SSL features to negotiate with the TLS inspection proxy.
    ProfileModern
    PROFILE_MODERNModern profile. Supports a wide set of SSL features, allowing modern clients to negotiate SSL with the TLS inspection proxy.
    ProfileRestricted
    PROFILE_RESTRICTEDRestricted profile. Supports a reduced set of SSL features, intended to meet stricter compliance requirements.
    ProfileCustom
    PROFILE_CUSTOMCustom profile. Allow only the set of allowed SSL features specified in the custom_features field of SslPolicy.
    ProfileUnspecified
    PROFILE_UNSPECIFIEDIndicates no profile was specified.
    ProfileCompatible
    PROFILE_COMPATIBLECompatible profile. Allows the broadest set of clients, even those which support only out-of-date SSL features to negotiate with the TLS inspection proxy.
    ProfileModern
    PROFILE_MODERNModern profile. Supports a wide set of SSL features, allowing modern clients to negotiate SSL with the TLS inspection proxy.
    ProfileRestricted
    PROFILE_RESTRICTEDRestricted profile. Supports a reduced set of SSL features, intended to meet stricter compliance requirements.
    ProfileCustom
    PROFILE_CUSTOMCustom profile. Allow only the set of allowed SSL features specified in the custom_features field of SslPolicy.
    PROFILE_UNSPECIFIED
    PROFILE_UNSPECIFIEDIndicates no profile was specified.
    PROFILE_COMPATIBLE
    PROFILE_COMPATIBLECompatible profile. Allows the broadest set of clients, even those which support only out-of-date SSL features to negotiate with the TLS inspection proxy.
    PROFILE_MODERN
    PROFILE_MODERNModern profile. Supports a wide set of SSL features, allowing modern clients to negotiate SSL with the TLS inspection proxy.
    PROFILE_RESTRICTED
    PROFILE_RESTRICTEDRestricted profile. Supports a reduced set of SSL features, intended to meet stricter compliance requirements.
    PROFILE_CUSTOM
    PROFILE_CUSTOMCustom profile. Allow only the set of allowed SSL features specified in the custom_features field of SslPolicy.
    "PROFILE_UNSPECIFIED"
    PROFILE_UNSPECIFIEDIndicates no profile was specified.
    "PROFILE_COMPATIBLE"
    PROFILE_COMPATIBLECompatible profile. Allows the broadest set of clients, even those which support only out-of-date SSL features to negotiate with the TLS inspection proxy.
    "PROFILE_MODERN"
    PROFILE_MODERNModern profile. Supports a wide set of SSL features, allowing modern clients to negotiate SSL with the TLS inspection proxy.
    "PROFILE_RESTRICTED"
    PROFILE_RESTRICTEDRestricted profile. Supports a reduced set of SSL features, intended to meet stricter compliance requirements.
    "PROFILE_CUSTOM"
    PROFILE_CUSTOMCustom profile. Allow only the set of allowed SSL features specified in the custom_features field of SslPolicy.

    Package Details

    Repository
    Google Cloud Native pulumi/pulumi-google-native
    License
    Apache-2.0
    google-native logo

    Google Cloud Native is in preview. Google Cloud Classic is fully supported.

    Google Cloud Native v0.32.0 published on Wednesday, Nov 29, 2023 by Pulumi