docs: update generated docs (#981)
diff --git a/docs/dyn/compute_beta.backendServices.html b/docs/dyn/compute_beta.backendServices.html
index afb174e..efd0786 100644
--- a/docs/dyn/compute_beta.backendServices.html
+++ b/docs/dyn/compute_beta.backendServices.html
@@ -97,7 +97,7 @@
<p class="firstline">Gets the most recent health check results for this BackendService.</p>
<p class="toc_element">
<code><a href="#insert">insert(project, body=None, requestId=None)</a></code></p>
-<p class="firstline">Creates a BackendService resource in the specified project using the data included in the request. There are several restrictions and guidelines to keep in mind when creating a backend service. Read Understanding backend services for more information.</p>
+<p class="firstline">Creates a BackendService resource in the specified project using the data included in the request. For more information, see Backend services overview.</p>
<p class="toc_element">
<code><a href="#list">list(project, filter=None, maxResults=None, orderBy=None, pageToken=None)</a></code></p>
<p class="firstline">Retrieves the list of BackendService resources available to the specified project.</p>
@@ -106,7 +106,7 @@
<p class="firstline">Retrieves the next page of results.</p>
<p class="toc_element">
<code><a href="#patch">patch(project, backendService, body=None, requestId=None)</a></code></p>
-<p class="firstline">Patches the specified BackendService resource with the data included in the request. There are several Understanding backend services to keep in mind when updating a backend service. Read Understanding backend services for more information. This method supports PATCH semantics and uses the JSON merge patch format and processing rules.</p>
+<p class="firstline">Patches the specified BackendService resource with the data included in the request. For more information, see Backend services overview. This method supports PATCH semantics and uses the JSON merge patch format and processing rules.</p>
<p class="toc_element">
<code><a href="#setSecurityPolicy">setSecurityPolicy(project, backendService, body=None, requestId=None)</a></code></p>
<p class="firstline">Sets the security policy for the specified backend service.</p>
@@ -115,7 +115,7 @@
<p class="firstline">Returns permissions that a caller has on the specified resource.</p>
<p class="toc_element">
<code><a href="#update">update(project, backendService, body=None, requestId=None)</a></code></p>
-<p class="firstline">Updates the specified BackendService resource with the data included in the request. There are several Understanding backend services to keep in mind when updating a backend service. Read Understanding backend services for more information.</p>
+<p class="firstline">Updates the specified BackendService resource with the data included in the request. For more information, see Backend services overview.</p>
<h3>Method Details</h3>
<div class="method">
<code class="details" id="addSignedUrlKey">addSignedUrlKey(project, backendService, body=None, requestId=None)</code>
@@ -233,13 +233,13 @@
"backendServices": [ # A list of BackendServices contained in this scope.
{ # Represents a Backend Service resource.
#
- # A backend service contains configuration values for Google Cloud Platform load balancing services.
+ # A backend service defines how Google Cloud load balancers distribute traffic. The backend service configuration contains a set of values, such as the protocol used to connect to backends, various distribution and session settings, health checks, and timeouts. These settings provide fine-grained control over how your load balancer behaves. Most of the settings have default values that allow for easy configuration if you need to get started quickly.
#
# Backend services in Google Compute Engine can be either regionally or globally scoped.
#
# * [Global](/compute/docs/reference/rest/{$api_version}/backendServices) * [Regional](/compute/docs/reference/rest/{$api_version}/regionBackendServices)
#
- # For more information, read Backend Services.
+ # For more information, see Backend Services.
#
# (== resource_for {$api_version}.backendService ==)
"affinityCookieTtlSec": 42, # If set to 0, the cookie is non-persistent and lasts only until the end of the browser session (or equivalent). The maximum allowed value is one day (86,400).
@@ -262,7 +262,7 @@
#
# - If the load balancing mode is UTILIZATION, the load is spread based on the backend utilization of instances in an instance group.
# You can use the UTILIZATION balancing mode if the loadBalancingScheme of the backend service is EXTERNAL, INTERNAL_SELF_MANAGED, or INTERNAL_MANAGED and the backends are instance groups. There are no restrictions on the backend service protocol.
- "capacityScaler": 3.14, # A multiplier applied to the group's maximum servicing capacity (based on UTILIZATION, RATE or CONNECTION). Default value is 1, which means the group will serve up to 100% of its configured capacity (depending on balancingMode). A setting of 0 means the group is completely drained, offering 0% of its available Capacity. Valid range is [0.0,1.0].
+ "capacityScaler": 3.14, # A multiplier applied to the group's maximum servicing capacity (based on UTILIZATION, RATE or CONNECTION). Default value is 1, which means the group will serve up to 100% of its configured capacity (depending on balancingMode). A setting of 0 means the group is completely drained, offering 0% of its available capacity. Valid range is 0.0 and [0.1,1.0]. You cannot configure a setting larger than 0 and smaller than 0.1. You cannot configure a setting of 0 when there is only one backend attached to the backend service.
#
# This cannot be used for internal load balancing.
"description": "A String", # An optional description of this resource. Provide this property when you create the resource.
@@ -377,10 +377,10 @@
"healthChecks": [ # The list of URLs to the healthChecks, httpHealthChecks (legacy), or httpsHealthChecks (legacy) resource for health checking this backend service. Not all backend services support legacy health checks. See Load balancer guide. Currently at most one health check can be specified. Backend services with instance group or zonal NEG backends must have a health check. Backend services with internet NEG backends must not have a health check. A health check must
"A String",
],
- "iap": { # Identity-Aware Proxy
- "enabled": True or False,
- "oauth2ClientId": "A String",
- "oauth2ClientSecret": "A String",
+ "iap": { # Identity-Aware Proxy # The configurations for Identity-Aware Proxy on this resource.
+ "enabled": True or False, # Whether the serving infrastructure will authenticate and authorize all incoming requests. If true, the oauth2ClientId and oauth2ClientSecret fields must be non-empty.
+ "oauth2ClientId": "A String", # OAuth2 client ID to use for the authentication flow.
+ "oauth2ClientSecret": "A String", # OAuth2 client secret to use for the authentication flow. For security reasons, this value cannot be retrieved via the API. Instead, the SHA-256 hash of the value is returned in the oauth2ClientSecretSha256 field.
"oauth2ClientSecretSha256": "A String", # [Output Only] SHA256 hash value for the field oauth2_client_secret above.
},
"id": "A String", # [Output Only] The unique identifier for the resource. This identifier is defined by the server.
@@ -392,7 +392,7 @@
# - RING_HASH: The ring/modulo hash load balancer implements consistent hashing to backends. The algorithm has the property that the addition/removal of a host from a set of N hosts only affects 1/N of the requests.
# - RANDOM: The load balancer selects a random healthy host.
# - ORIGINAL_DESTINATION: Backend host is selected based on the client connection metadata, i.e., connections are opened to the same address as the destination address of the incoming connection before the connection was redirected to the load balancer.
- # - MAGLEV: used as a drop in replacement for the ring hash load balancer. Maglev is not as stable as ring hash but has faster table lookup build times and host selection times. For more information about Maglev, refer to https://ai.google/research/pubs/pub44824
+ # - MAGLEV: used as a drop in replacement for the ring hash load balancer. Maglev is not as stable as ring hash but has faster table lookup build times and host selection times. For more information about Maglev, see https://ai.google/research/pubs/pub44824
#
# This field is applicable to either:
# - A regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2, and load_balancing_scheme set to INTERNAL_MANAGED.
@@ -444,8 +444,13 @@
"securitySettings": { # The authentication and authorization settings for a BackendService. # This field specifies the security policy that applies to this backend service. This field is applicable to either:
# - A regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2, and load_balancing_scheme set to INTERNAL_MANAGED.
# - A global backend service with the load_balancing_scheme set to INTERNAL_SELF_MANAGED.
- "authentication": "A String", # A URL referring to a networksecurity.Authentication resource that describes how clients should authenticate with this service's backends. If left blank, communications between services are not encrypted (i.e., the TLS policy is set to OPEN). When sending traffic to this service's backends, the OriginationTls setting of Authentication.TransportAuthentication is applied. Refer to the Authentication and Authentication.TransportAuthentication.OriginationTls resources for additional details. authentication only applies to a global BackendService with the loadBalancingScheme set to INTERNAL_SELF_MANAGED.
- "subjectAltNames": [ # Optional. A list of subject alternate names to verify the subject identity (SAN) in the certificate presented by the server, to authorize the SAN list as identities to run the service represented by this BackendService. If specified, the client will verify that the server certificate's subject alt name matches one of the specified values. Only applies to a global BackendService with the loadBalancingScheme set to INTERNAL_SELF_MANAGED.
+ "authentication": "A String", # [Deprecated] Use clientTlsPolicy instead.
+ "clientTlsPolicy": "A String", # Optional. A URL referring to a networksecurity.ClientTlsPolicy resource that describes how clients should authenticate with this service's backends.
+ # clientTlsPolicy only applies to a global BackendService with the loadBalancingScheme set to INTERNAL_SELF_MANAGED.
+ # If left blank, communications are not encrypted.
+ "subjectAltNames": [ # Optional. A list of Subject Alternative Names (SANs) that the client verifies during a mutual TLS handshake with an server/endpoint for this BackendService. When the server presents its X.509 certificate to the client, the client inspects the certificate's subjectAltName field. If the field contains one of the specified values, the communication continues. Otherwise, it fails. This additional check enables the client to verify that the server is authorized to run the requested service.
+ # Note that the contents of the server certificate's subjectAltName field are configured by the Public Key Infrastructure which provisions server identities.
+ # Only applies to a global BackendService with loadBalancingScheme set to INTERNAL_SELF_MANAGED. Only applies when BackendService has an attached clientTlsPolicy with clientCertificate (mTLS mode).
"A String",
],
},
@@ -457,7 +462,7 @@
# When the loadBalancingScheme is INTERNAL, possible values are NONE, CLIENT_IP, CLIENT_IP_PROTO, or CLIENT_IP_PORT_PROTO.
#
# When the loadBalancingScheme is INTERNAL_SELF_MANAGED, or INTERNAL_MANAGED, possible values are NONE, CLIENT_IP, GENERATED_COOKIE, HEADER_FIELD, or HTTP_COOKIE.
- "timeoutSec": 42, # The backend service timeout has a different meaning depending on the type of load balancer. For more information read, Backend service settings The default is 30 seconds.
+ "timeoutSec": 42, # The backend service timeout has a different meaning depending on the type of load balancer. For more information see, Backend service settings The default is 30 seconds.
},
],
"warning": { # Informational warning which replaces the list of backend services when the list is empty.
@@ -670,13 +675,13 @@
{ # Represents a Backend Service resource.
#
- # A backend service contains configuration values for Google Cloud Platform load balancing services.
+ # A backend service defines how Google Cloud load balancers distribute traffic. The backend service configuration contains a set of values, such as the protocol used to connect to backends, various distribution and session settings, health checks, and timeouts. These settings provide fine-grained control over how your load balancer behaves. Most of the settings have default values that allow for easy configuration if you need to get started quickly.
#
# Backend services in Google Compute Engine can be either regionally or globally scoped.
#
# * [Global](/compute/docs/reference/rest/{$api_version}/backendServices) * [Regional](/compute/docs/reference/rest/{$api_version}/regionBackendServices)
#
- # For more information, read Backend Services.
+ # For more information, see Backend Services.
#
# (== resource_for {$api_version}.backendService ==)
"affinityCookieTtlSec": 42, # If set to 0, the cookie is non-persistent and lasts only until the end of the browser session (or equivalent). The maximum allowed value is one day (86,400).
@@ -699,7 +704,7 @@
#
# - If the load balancing mode is UTILIZATION, the load is spread based on the backend utilization of instances in an instance group.
# You can use the UTILIZATION balancing mode if the loadBalancingScheme of the backend service is EXTERNAL, INTERNAL_SELF_MANAGED, or INTERNAL_MANAGED and the backends are instance groups. There are no restrictions on the backend service protocol.
- "capacityScaler": 3.14, # A multiplier applied to the group's maximum servicing capacity (based on UTILIZATION, RATE or CONNECTION). Default value is 1, which means the group will serve up to 100% of its configured capacity (depending on balancingMode). A setting of 0 means the group is completely drained, offering 0% of its available Capacity. Valid range is [0.0,1.0].
+ "capacityScaler": 3.14, # A multiplier applied to the group's maximum servicing capacity (based on UTILIZATION, RATE or CONNECTION). Default value is 1, which means the group will serve up to 100% of its configured capacity (depending on balancingMode). A setting of 0 means the group is completely drained, offering 0% of its available capacity. Valid range is 0.0 and [0.1,1.0]. You cannot configure a setting larger than 0 and smaller than 0.1. You cannot configure a setting of 0 when there is only one backend attached to the backend service.
#
# This cannot be used for internal load balancing.
"description": "A String", # An optional description of this resource. Provide this property when you create the resource.
@@ -814,10 +819,10 @@
"healthChecks": [ # The list of URLs to the healthChecks, httpHealthChecks (legacy), or httpsHealthChecks (legacy) resource for health checking this backend service. Not all backend services support legacy health checks. See Load balancer guide. Currently at most one health check can be specified. Backend services with instance group or zonal NEG backends must have a health check. Backend services with internet NEG backends must not have a health check. A health check must
"A String",
],
- "iap": { # Identity-Aware Proxy
- "enabled": True or False,
- "oauth2ClientId": "A String",
- "oauth2ClientSecret": "A String",
+ "iap": { # Identity-Aware Proxy # The configurations for Identity-Aware Proxy on this resource.
+ "enabled": True or False, # Whether the serving infrastructure will authenticate and authorize all incoming requests. If true, the oauth2ClientId and oauth2ClientSecret fields must be non-empty.
+ "oauth2ClientId": "A String", # OAuth2 client ID to use for the authentication flow.
+ "oauth2ClientSecret": "A String", # OAuth2 client secret to use for the authentication flow. For security reasons, this value cannot be retrieved via the API. Instead, the SHA-256 hash of the value is returned in the oauth2ClientSecretSha256 field.
"oauth2ClientSecretSha256": "A String", # [Output Only] SHA256 hash value for the field oauth2_client_secret above.
},
"id": "A String", # [Output Only] The unique identifier for the resource. This identifier is defined by the server.
@@ -829,7 +834,7 @@
# - RING_HASH: The ring/modulo hash load balancer implements consistent hashing to backends. The algorithm has the property that the addition/removal of a host from a set of N hosts only affects 1/N of the requests.
# - RANDOM: The load balancer selects a random healthy host.
# - ORIGINAL_DESTINATION: Backend host is selected based on the client connection metadata, i.e., connections are opened to the same address as the destination address of the incoming connection before the connection was redirected to the load balancer.
- # - MAGLEV: used as a drop in replacement for the ring hash load balancer. Maglev is not as stable as ring hash but has faster table lookup build times and host selection times. For more information about Maglev, refer to https://ai.google/research/pubs/pub44824
+ # - MAGLEV: used as a drop in replacement for the ring hash load balancer. Maglev is not as stable as ring hash but has faster table lookup build times and host selection times. For more information about Maglev, see https://ai.google/research/pubs/pub44824
#
# This field is applicable to either:
# - A regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2, and load_balancing_scheme set to INTERNAL_MANAGED.
@@ -881,8 +886,13 @@
"securitySettings": { # The authentication and authorization settings for a BackendService. # This field specifies the security policy that applies to this backend service. This field is applicable to either:
# - A regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2, and load_balancing_scheme set to INTERNAL_MANAGED.
# - A global backend service with the load_balancing_scheme set to INTERNAL_SELF_MANAGED.
- "authentication": "A String", # A URL referring to a networksecurity.Authentication resource that describes how clients should authenticate with this service's backends. If left blank, communications between services are not encrypted (i.e., the TLS policy is set to OPEN). When sending traffic to this service's backends, the OriginationTls setting of Authentication.TransportAuthentication is applied. Refer to the Authentication and Authentication.TransportAuthentication.OriginationTls resources for additional details. authentication only applies to a global BackendService with the loadBalancingScheme set to INTERNAL_SELF_MANAGED.
- "subjectAltNames": [ # Optional. A list of subject alternate names to verify the subject identity (SAN) in the certificate presented by the server, to authorize the SAN list as identities to run the service represented by this BackendService. If specified, the client will verify that the server certificate's subject alt name matches one of the specified values. Only applies to a global BackendService with the loadBalancingScheme set to INTERNAL_SELF_MANAGED.
+ "authentication": "A String", # [Deprecated] Use clientTlsPolicy instead.
+ "clientTlsPolicy": "A String", # Optional. A URL referring to a networksecurity.ClientTlsPolicy resource that describes how clients should authenticate with this service's backends.
+ # clientTlsPolicy only applies to a global BackendService with the loadBalancingScheme set to INTERNAL_SELF_MANAGED.
+ # If left blank, communications are not encrypted.
+ "subjectAltNames": [ # Optional. A list of Subject Alternative Names (SANs) that the client verifies during a mutual TLS handshake with an server/endpoint for this BackendService. When the server presents its X.509 certificate to the client, the client inspects the certificate's subjectAltName field. If the field contains one of the specified values, the communication continues. Otherwise, it fails. This additional check enables the client to verify that the server is authorized to run the requested service.
+ # Note that the contents of the server certificate's subjectAltName field are configured by the Public Key Infrastructure which provisions server identities.
+ # Only applies to a global BackendService with loadBalancingScheme set to INTERNAL_SELF_MANAGED. Only applies when BackendService has an attached clientTlsPolicy with clientCertificate (mTLS mode).
"A String",
],
},
@@ -894,7 +904,7 @@
# When the loadBalancingScheme is INTERNAL, possible values are NONE, CLIENT_IP, CLIENT_IP_PROTO, or CLIENT_IP_PORT_PROTO.
#
# When the loadBalancingScheme is INTERNAL_SELF_MANAGED, or INTERNAL_MANAGED, possible values are NONE, CLIENT_IP, GENERATED_COOKIE, HEADER_FIELD, or HTTP_COOKIE.
- "timeoutSec": 42, # The backend service timeout has a different meaning depending on the type of load balancer. For more information read, Backend service settings The default is 30 seconds.
+ "timeoutSec": 42, # The backend service timeout has a different meaning depending on the type of load balancer. For more information see, Backend service settings The default is 30 seconds.
}</pre>
</div>
@@ -941,7 +951,7 @@
<div class="method">
<code class="details" id="insert">insert(project, body=None, requestId=None)</code>
- <pre>Creates a BackendService resource in the specified project using the data included in the request. There are several restrictions and guidelines to keep in mind when creating a backend service. Read Understanding backend services for more information.
+ <pre>Creates a BackendService resource in the specified project using the data included in the request. For more information, see Backend services overview.
Args:
project: string, Project ID for this request. (required)
@@ -950,13 +960,13 @@
{ # Represents a Backend Service resource.
#
- # A backend service contains configuration values for Google Cloud Platform load balancing services.
+ # A backend service defines how Google Cloud load balancers distribute traffic. The backend service configuration contains a set of values, such as the protocol used to connect to backends, various distribution and session settings, health checks, and timeouts. These settings provide fine-grained control over how your load balancer behaves. Most of the settings have default values that allow for easy configuration if you need to get started quickly.
#
# Backend services in Google Compute Engine can be either regionally or globally scoped.
#
# * [Global](/compute/docs/reference/rest/{$api_version}/backendServices) * [Regional](/compute/docs/reference/rest/{$api_version}/regionBackendServices)
#
- # For more information, read Backend Services.
+ # For more information, see Backend Services.
#
# (== resource_for {$api_version}.backendService ==)
"affinityCookieTtlSec": 42, # If set to 0, the cookie is non-persistent and lasts only until the end of the browser session (or equivalent). The maximum allowed value is one day (86,400).
@@ -979,7 +989,7 @@
#
# - If the load balancing mode is UTILIZATION, the load is spread based on the backend utilization of instances in an instance group.
# You can use the UTILIZATION balancing mode if the loadBalancingScheme of the backend service is EXTERNAL, INTERNAL_SELF_MANAGED, or INTERNAL_MANAGED and the backends are instance groups. There are no restrictions on the backend service protocol.
- "capacityScaler": 3.14, # A multiplier applied to the group's maximum servicing capacity (based on UTILIZATION, RATE or CONNECTION). Default value is 1, which means the group will serve up to 100% of its configured capacity (depending on balancingMode). A setting of 0 means the group is completely drained, offering 0% of its available Capacity. Valid range is [0.0,1.0].
+ "capacityScaler": 3.14, # A multiplier applied to the group's maximum servicing capacity (based on UTILIZATION, RATE or CONNECTION). Default value is 1, which means the group will serve up to 100% of its configured capacity (depending on balancingMode). A setting of 0 means the group is completely drained, offering 0% of its available capacity. Valid range is 0.0 and [0.1,1.0]. You cannot configure a setting larger than 0 and smaller than 0.1. You cannot configure a setting of 0 when there is only one backend attached to the backend service.
#
# This cannot be used for internal load balancing.
"description": "A String", # An optional description of this resource. Provide this property when you create the resource.
@@ -1094,10 +1104,10 @@
"healthChecks": [ # The list of URLs to the healthChecks, httpHealthChecks (legacy), or httpsHealthChecks (legacy) resource for health checking this backend service. Not all backend services support legacy health checks. See Load balancer guide. Currently at most one health check can be specified. Backend services with instance group or zonal NEG backends must have a health check. Backend services with internet NEG backends must not have a health check. A health check must
"A String",
],
- "iap": { # Identity-Aware Proxy
- "enabled": True or False,
- "oauth2ClientId": "A String",
- "oauth2ClientSecret": "A String",
+ "iap": { # Identity-Aware Proxy # The configurations for Identity-Aware Proxy on this resource.
+ "enabled": True or False, # Whether the serving infrastructure will authenticate and authorize all incoming requests. If true, the oauth2ClientId and oauth2ClientSecret fields must be non-empty.
+ "oauth2ClientId": "A String", # OAuth2 client ID to use for the authentication flow.
+ "oauth2ClientSecret": "A String", # OAuth2 client secret to use for the authentication flow. For security reasons, this value cannot be retrieved via the API. Instead, the SHA-256 hash of the value is returned in the oauth2ClientSecretSha256 field.
"oauth2ClientSecretSha256": "A String", # [Output Only] SHA256 hash value for the field oauth2_client_secret above.
},
"id": "A String", # [Output Only] The unique identifier for the resource. This identifier is defined by the server.
@@ -1109,7 +1119,7 @@
# - RING_HASH: The ring/modulo hash load balancer implements consistent hashing to backends. The algorithm has the property that the addition/removal of a host from a set of N hosts only affects 1/N of the requests.
# - RANDOM: The load balancer selects a random healthy host.
# - ORIGINAL_DESTINATION: Backend host is selected based on the client connection metadata, i.e., connections are opened to the same address as the destination address of the incoming connection before the connection was redirected to the load balancer.
- # - MAGLEV: used as a drop in replacement for the ring hash load balancer. Maglev is not as stable as ring hash but has faster table lookup build times and host selection times. For more information about Maglev, refer to https://ai.google/research/pubs/pub44824
+ # - MAGLEV: used as a drop in replacement for the ring hash load balancer. Maglev is not as stable as ring hash but has faster table lookup build times and host selection times. For more information about Maglev, see https://ai.google/research/pubs/pub44824
#
# This field is applicable to either:
# - A regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2, and load_balancing_scheme set to INTERNAL_MANAGED.
@@ -1161,8 +1171,13 @@
"securitySettings": { # The authentication and authorization settings for a BackendService. # This field specifies the security policy that applies to this backend service. This field is applicable to either:
# - A regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2, and load_balancing_scheme set to INTERNAL_MANAGED.
# - A global backend service with the load_balancing_scheme set to INTERNAL_SELF_MANAGED.
- "authentication": "A String", # A URL referring to a networksecurity.Authentication resource that describes how clients should authenticate with this service's backends. If left blank, communications between services are not encrypted (i.e., the TLS policy is set to OPEN). When sending traffic to this service's backends, the OriginationTls setting of Authentication.TransportAuthentication is applied. Refer to the Authentication and Authentication.TransportAuthentication.OriginationTls resources for additional details. authentication only applies to a global BackendService with the loadBalancingScheme set to INTERNAL_SELF_MANAGED.
- "subjectAltNames": [ # Optional. A list of subject alternate names to verify the subject identity (SAN) in the certificate presented by the server, to authorize the SAN list as identities to run the service represented by this BackendService. If specified, the client will verify that the server certificate's subject alt name matches one of the specified values. Only applies to a global BackendService with the loadBalancingScheme set to INTERNAL_SELF_MANAGED.
+ "authentication": "A String", # [Deprecated] Use clientTlsPolicy instead.
+ "clientTlsPolicy": "A String", # Optional. A URL referring to a networksecurity.ClientTlsPolicy resource that describes how clients should authenticate with this service's backends.
+ # clientTlsPolicy only applies to a global BackendService with the loadBalancingScheme set to INTERNAL_SELF_MANAGED.
+ # If left blank, communications are not encrypted.
+ "subjectAltNames": [ # Optional. A list of Subject Alternative Names (SANs) that the client verifies during a mutual TLS handshake with an server/endpoint for this BackendService. When the server presents its X.509 certificate to the client, the client inspects the certificate's subjectAltName field. If the field contains one of the specified values, the communication continues. Otherwise, it fails. This additional check enables the client to verify that the server is authorized to run the requested service.
+ # Note that the contents of the server certificate's subjectAltName field are configured by the Public Key Infrastructure which provisions server identities.
+ # Only applies to a global BackendService with loadBalancingScheme set to INTERNAL_SELF_MANAGED. Only applies when BackendService has an attached clientTlsPolicy with clientCertificate (mTLS mode).
"A String",
],
},
@@ -1174,7 +1189,7 @@
# When the loadBalancingScheme is INTERNAL, possible values are NONE, CLIENT_IP, CLIENT_IP_PROTO, or CLIENT_IP_PORT_PROTO.
#
# When the loadBalancingScheme is INTERNAL_SELF_MANAGED, or INTERNAL_MANAGED, possible values are NONE, CLIENT_IP, GENERATED_COOKIE, HEADER_FIELD, or HTTP_COOKIE.
- "timeoutSec": 42, # The backend service timeout has a different meaning depending on the type of load balancer. For more information read, Backend service settings The default is 30 seconds.
+ "timeoutSec": 42, # The backend service timeout has a different meaning depending on the type of load balancer. For more information see, Backend service settings The default is 30 seconds.
}
requestId: string, An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.
@@ -1275,13 +1290,13 @@
"items": [ # A list of BackendService resources.
{ # Represents a Backend Service resource.
#
- # A backend service contains configuration values for Google Cloud Platform load balancing services.
+ # A backend service defines how Google Cloud load balancers distribute traffic. The backend service configuration contains a set of values, such as the protocol used to connect to backends, various distribution and session settings, health checks, and timeouts. These settings provide fine-grained control over how your load balancer behaves. Most of the settings have default values that allow for easy configuration if you need to get started quickly.
#
# Backend services in Google Compute Engine can be either regionally or globally scoped.
#
# * [Global](/compute/docs/reference/rest/{$api_version}/backendServices) * [Regional](/compute/docs/reference/rest/{$api_version}/regionBackendServices)
#
- # For more information, read Backend Services.
+ # For more information, see Backend Services.
#
# (== resource_for {$api_version}.backendService ==)
"affinityCookieTtlSec": 42, # If set to 0, the cookie is non-persistent and lasts only until the end of the browser session (or equivalent). The maximum allowed value is one day (86,400).
@@ -1304,7 +1319,7 @@
#
# - If the load balancing mode is UTILIZATION, the load is spread based on the backend utilization of instances in an instance group.
# You can use the UTILIZATION balancing mode if the loadBalancingScheme of the backend service is EXTERNAL, INTERNAL_SELF_MANAGED, or INTERNAL_MANAGED and the backends are instance groups. There are no restrictions on the backend service protocol.
- "capacityScaler": 3.14, # A multiplier applied to the group's maximum servicing capacity (based on UTILIZATION, RATE or CONNECTION). Default value is 1, which means the group will serve up to 100% of its configured capacity (depending on balancingMode). A setting of 0 means the group is completely drained, offering 0% of its available Capacity. Valid range is [0.0,1.0].
+ "capacityScaler": 3.14, # A multiplier applied to the group's maximum servicing capacity (based on UTILIZATION, RATE or CONNECTION). Default value is 1, which means the group will serve up to 100% of its configured capacity (depending on balancingMode). A setting of 0 means the group is completely drained, offering 0% of its available capacity. Valid range is 0.0 and [0.1,1.0]. You cannot configure a setting larger than 0 and smaller than 0.1. You cannot configure a setting of 0 when there is only one backend attached to the backend service.
#
# This cannot be used for internal load balancing.
"description": "A String", # An optional description of this resource. Provide this property when you create the resource.
@@ -1419,10 +1434,10 @@
"healthChecks": [ # The list of URLs to the healthChecks, httpHealthChecks (legacy), or httpsHealthChecks (legacy) resource for health checking this backend service. Not all backend services support legacy health checks. See Load balancer guide. Currently at most one health check can be specified. Backend services with instance group or zonal NEG backends must have a health check. Backend services with internet NEG backends must not have a health check. A health check must
"A String",
],
- "iap": { # Identity-Aware Proxy
- "enabled": True or False,
- "oauth2ClientId": "A String",
- "oauth2ClientSecret": "A String",
+ "iap": { # Identity-Aware Proxy # The configurations for Identity-Aware Proxy on this resource.
+ "enabled": True or False, # Whether the serving infrastructure will authenticate and authorize all incoming requests. If true, the oauth2ClientId and oauth2ClientSecret fields must be non-empty.
+ "oauth2ClientId": "A String", # OAuth2 client ID to use for the authentication flow.
+ "oauth2ClientSecret": "A String", # OAuth2 client secret to use for the authentication flow. For security reasons, this value cannot be retrieved via the API. Instead, the SHA-256 hash of the value is returned in the oauth2ClientSecretSha256 field.
"oauth2ClientSecretSha256": "A String", # [Output Only] SHA256 hash value for the field oauth2_client_secret above.
},
"id": "A String", # [Output Only] The unique identifier for the resource. This identifier is defined by the server.
@@ -1434,7 +1449,7 @@
# - RING_HASH: The ring/modulo hash load balancer implements consistent hashing to backends. The algorithm has the property that the addition/removal of a host from a set of N hosts only affects 1/N of the requests.
# - RANDOM: The load balancer selects a random healthy host.
# - ORIGINAL_DESTINATION: Backend host is selected based on the client connection metadata, i.e., connections are opened to the same address as the destination address of the incoming connection before the connection was redirected to the load balancer.
- # - MAGLEV: used as a drop in replacement for the ring hash load balancer. Maglev is not as stable as ring hash but has faster table lookup build times and host selection times. For more information about Maglev, refer to https://ai.google/research/pubs/pub44824
+ # - MAGLEV: used as a drop in replacement for the ring hash load balancer. Maglev is not as stable as ring hash but has faster table lookup build times and host selection times. For more information about Maglev, see https://ai.google/research/pubs/pub44824
#
# This field is applicable to either:
# - A regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2, and load_balancing_scheme set to INTERNAL_MANAGED.
@@ -1486,8 +1501,13 @@
"securitySettings": { # The authentication and authorization settings for a BackendService. # This field specifies the security policy that applies to this backend service. This field is applicable to either:
# - A regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2, and load_balancing_scheme set to INTERNAL_MANAGED.
# - A global backend service with the load_balancing_scheme set to INTERNAL_SELF_MANAGED.
- "authentication": "A String", # A URL referring to a networksecurity.Authentication resource that describes how clients should authenticate with this service's backends. If left blank, communications between services are not encrypted (i.e., the TLS policy is set to OPEN). When sending traffic to this service's backends, the OriginationTls setting of Authentication.TransportAuthentication is applied. Refer to the Authentication and Authentication.TransportAuthentication.OriginationTls resources for additional details. authentication only applies to a global BackendService with the loadBalancingScheme set to INTERNAL_SELF_MANAGED.
- "subjectAltNames": [ # Optional. A list of subject alternate names to verify the subject identity (SAN) in the certificate presented by the server, to authorize the SAN list as identities to run the service represented by this BackendService. If specified, the client will verify that the server certificate's subject alt name matches one of the specified values. Only applies to a global BackendService with the loadBalancingScheme set to INTERNAL_SELF_MANAGED.
+ "authentication": "A String", # [Deprecated] Use clientTlsPolicy instead.
+ "clientTlsPolicy": "A String", # Optional. A URL referring to a networksecurity.ClientTlsPolicy resource that describes how clients should authenticate with this service's backends.
+ # clientTlsPolicy only applies to a global BackendService with the loadBalancingScheme set to INTERNAL_SELF_MANAGED.
+ # If left blank, communications are not encrypted.
+ "subjectAltNames": [ # Optional. A list of Subject Alternative Names (SANs) that the client verifies during a mutual TLS handshake with an server/endpoint for this BackendService. When the server presents its X.509 certificate to the client, the client inspects the certificate's subjectAltName field. If the field contains one of the specified values, the communication continues. Otherwise, it fails. This additional check enables the client to verify that the server is authorized to run the requested service.
+ # Note that the contents of the server certificate's subjectAltName field are configured by the Public Key Infrastructure which provisions server identities.
+ # Only applies to a global BackendService with loadBalancingScheme set to INTERNAL_SELF_MANAGED. Only applies when BackendService has an attached clientTlsPolicy with clientCertificate (mTLS mode).
"A String",
],
},
@@ -1499,7 +1519,7 @@
# When the loadBalancingScheme is INTERNAL, possible values are NONE, CLIENT_IP, CLIENT_IP_PROTO, or CLIENT_IP_PORT_PROTO.
#
# When the loadBalancingScheme is INTERNAL_SELF_MANAGED, or INTERNAL_MANAGED, possible values are NONE, CLIENT_IP, GENERATED_COOKIE, HEADER_FIELD, or HTTP_COOKIE.
- "timeoutSec": 42, # The backend service timeout has a different meaning depending on the type of load balancer. For more information read, Backend service settings The default is 30 seconds.
+ "timeoutSec": 42, # The backend service timeout has a different meaning depending on the type of load balancer. For more information see, Backend service settings The default is 30 seconds.
},
],
"kind": "compute#backendServiceList", # [Output Only] Type of resource. Always compute#backendServiceList for lists of backend services.
@@ -1535,7 +1555,7 @@
<div class="method">
<code class="details" id="patch">patch(project, backendService, body=None, requestId=None)</code>
- <pre>Patches the specified BackendService resource with the data included in the request. There are several Understanding backend services to keep in mind when updating a backend service. Read Understanding backend services for more information. This method supports PATCH semantics and uses the JSON merge patch format and processing rules.
+ <pre>Patches the specified BackendService resource with the data included in the request. For more information, see Backend services overview. This method supports PATCH semantics and uses the JSON merge patch format and processing rules.
Args:
project: string, Project ID for this request. (required)
@@ -1545,13 +1565,13 @@
{ # Represents a Backend Service resource.
#
- # A backend service contains configuration values for Google Cloud Platform load balancing services.
+ # A backend service defines how Google Cloud load balancers distribute traffic. The backend service configuration contains a set of values, such as the protocol used to connect to backends, various distribution and session settings, health checks, and timeouts. These settings provide fine-grained control over how your load balancer behaves. Most of the settings have default values that allow for easy configuration if you need to get started quickly.
#
# Backend services in Google Compute Engine can be either regionally or globally scoped.
#
# * [Global](/compute/docs/reference/rest/{$api_version}/backendServices) * [Regional](/compute/docs/reference/rest/{$api_version}/regionBackendServices)
#
- # For more information, read Backend Services.
+ # For more information, see Backend Services.
#
# (== resource_for {$api_version}.backendService ==)
"affinityCookieTtlSec": 42, # If set to 0, the cookie is non-persistent and lasts only until the end of the browser session (or equivalent). The maximum allowed value is one day (86,400).
@@ -1574,7 +1594,7 @@
#
# - If the load balancing mode is UTILIZATION, the load is spread based on the backend utilization of instances in an instance group.
# You can use the UTILIZATION balancing mode if the loadBalancingScheme of the backend service is EXTERNAL, INTERNAL_SELF_MANAGED, or INTERNAL_MANAGED and the backends are instance groups. There are no restrictions on the backend service protocol.
- "capacityScaler": 3.14, # A multiplier applied to the group's maximum servicing capacity (based on UTILIZATION, RATE or CONNECTION). Default value is 1, which means the group will serve up to 100% of its configured capacity (depending on balancingMode). A setting of 0 means the group is completely drained, offering 0% of its available Capacity. Valid range is [0.0,1.0].
+ "capacityScaler": 3.14, # A multiplier applied to the group's maximum servicing capacity (based on UTILIZATION, RATE or CONNECTION). Default value is 1, which means the group will serve up to 100% of its configured capacity (depending on balancingMode). A setting of 0 means the group is completely drained, offering 0% of its available capacity. Valid range is 0.0 and [0.1,1.0]. You cannot configure a setting larger than 0 and smaller than 0.1. You cannot configure a setting of 0 when there is only one backend attached to the backend service.
#
# This cannot be used for internal load balancing.
"description": "A String", # An optional description of this resource. Provide this property when you create the resource.
@@ -1689,10 +1709,10 @@
"healthChecks": [ # The list of URLs to the healthChecks, httpHealthChecks (legacy), or httpsHealthChecks (legacy) resource for health checking this backend service. Not all backend services support legacy health checks. See Load balancer guide. Currently at most one health check can be specified. Backend services with instance group or zonal NEG backends must have a health check. Backend services with internet NEG backends must not have a health check. A health check must
"A String",
],
- "iap": { # Identity-Aware Proxy
- "enabled": True or False,
- "oauth2ClientId": "A String",
- "oauth2ClientSecret": "A String",
+ "iap": { # Identity-Aware Proxy # The configurations for Identity-Aware Proxy on this resource.
+ "enabled": True or False, # Whether the serving infrastructure will authenticate and authorize all incoming requests. If true, the oauth2ClientId and oauth2ClientSecret fields must be non-empty.
+ "oauth2ClientId": "A String", # OAuth2 client ID to use for the authentication flow.
+ "oauth2ClientSecret": "A String", # OAuth2 client secret to use for the authentication flow. For security reasons, this value cannot be retrieved via the API. Instead, the SHA-256 hash of the value is returned in the oauth2ClientSecretSha256 field.
"oauth2ClientSecretSha256": "A String", # [Output Only] SHA256 hash value for the field oauth2_client_secret above.
},
"id": "A String", # [Output Only] The unique identifier for the resource. This identifier is defined by the server.
@@ -1704,7 +1724,7 @@
# - RING_HASH: The ring/modulo hash load balancer implements consistent hashing to backends. The algorithm has the property that the addition/removal of a host from a set of N hosts only affects 1/N of the requests.
# - RANDOM: The load balancer selects a random healthy host.
# - ORIGINAL_DESTINATION: Backend host is selected based on the client connection metadata, i.e., connections are opened to the same address as the destination address of the incoming connection before the connection was redirected to the load balancer.
- # - MAGLEV: used as a drop in replacement for the ring hash load balancer. Maglev is not as stable as ring hash but has faster table lookup build times and host selection times. For more information about Maglev, refer to https://ai.google/research/pubs/pub44824
+ # - MAGLEV: used as a drop in replacement for the ring hash load balancer. Maglev is not as stable as ring hash but has faster table lookup build times and host selection times. For more information about Maglev, see https://ai.google/research/pubs/pub44824
#
# This field is applicable to either:
# - A regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2, and load_balancing_scheme set to INTERNAL_MANAGED.
@@ -1756,8 +1776,13 @@
"securitySettings": { # The authentication and authorization settings for a BackendService. # This field specifies the security policy that applies to this backend service. This field is applicable to either:
# - A regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2, and load_balancing_scheme set to INTERNAL_MANAGED.
# - A global backend service with the load_balancing_scheme set to INTERNAL_SELF_MANAGED.
- "authentication": "A String", # A URL referring to a networksecurity.Authentication resource that describes how clients should authenticate with this service's backends. If left blank, communications between services are not encrypted (i.e., the TLS policy is set to OPEN). When sending traffic to this service's backends, the OriginationTls setting of Authentication.TransportAuthentication is applied. Refer to the Authentication and Authentication.TransportAuthentication.OriginationTls resources for additional details. authentication only applies to a global BackendService with the loadBalancingScheme set to INTERNAL_SELF_MANAGED.
- "subjectAltNames": [ # Optional. A list of subject alternate names to verify the subject identity (SAN) in the certificate presented by the server, to authorize the SAN list as identities to run the service represented by this BackendService. If specified, the client will verify that the server certificate's subject alt name matches one of the specified values. Only applies to a global BackendService with the loadBalancingScheme set to INTERNAL_SELF_MANAGED.
+ "authentication": "A String", # [Deprecated] Use clientTlsPolicy instead.
+ "clientTlsPolicy": "A String", # Optional. A URL referring to a networksecurity.ClientTlsPolicy resource that describes how clients should authenticate with this service's backends.
+ # clientTlsPolicy only applies to a global BackendService with the loadBalancingScheme set to INTERNAL_SELF_MANAGED.
+ # If left blank, communications are not encrypted.
+ "subjectAltNames": [ # Optional. A list of Subject Alternative Names (SANs) that the client verifies during a mutual TLS handshake with an server/endpoint for this BackendService. When the server presents its X.509 certificate to the client, the client inspects the certificate's subjectAltName field. If the field contains one of the specified values, the communication continues. Otherwise, it fails. This additional check enables the client to verify that the server is authorized to run the requested service.
+ # Note that the contents of the server certificate's subjectAltName field are configured by the Public Key Infrastructure which provisions server identities.
+ # Only applies to a global BackendService with loadBalancingScheme set to INTERNAL_SELF_MANAGED. Only applies when BackendService has an attached clientTlsPolicy with clientCertificate (mTLS mode).
"A String",
],
},
@@ -1769,7 +1794,7 @@
# When the loadBalancingScheme is INTERNAL, possible values are NONE, CLIENT_IP, CLIENT_IP_PROTO, or CLIENT_IP_PORT_PROTO.
#
# When the loadBalancingScheme is INTERNAL_SELF_MANAGED, or INTERNAL_MANAGED, possible values are NONE, CLIENT_IP, GENERATED_COOKIE, HEADER_FIELD, or HTTP_COOKIE.
- "timeoutSec": 42, # The backend service timeout has a different meaning depending on the type of load balancer. For more information read, Backend service settings The default is 30 seconds.
+ "timeoutSec": 42, # The backend service timeout has a different meaning depending on the type of load balancer. For more information see, Backend service settings The default is 30 seconds.
}
requestId: string, An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.
@@ -1953,7 +1978,7 @@
<div class="method">
<code class="details" id="update">update(project, backendService, body=None, requestId=None)</code>
- <pre>Updates the specified BackendService resource with the data included in the request. There are several Understanding backend services to keep in mind when updating a backend service. Read Understanding backend services for more information.
+ <pre>Updates the specified BackendService resource with the data included in the request. For more information, see Backend services overview.
Args:
project: string, Project ID for this request. (required)
@@ -1963,13 +1988,13 @@
{ # Represents a Backend Service resource.
#
- # A backend service contains configuration values for Google Cloud Platform load balancing services.
+ # A backend service defines how Google Cloud load balancers distribute traffic. The backend service configuration contains a set of values, such as the protocol used to connect to backends, various distribution and session settings, health checks, and timeouts. These settings provide fine-grained control over how your load balancer behaves. Most of the settings have default values that allow for easy configuration if you need to get started quickly.
#
# Backend services in Google Compute Engine can be either regionally or globally scoped.
#
# * [Global](/compute/docs/reference/rest/{$api_version}/backendServices) * [Regional](/compute/docs/reference/rest/{$api_version}/regionBackendServices)
#
- # For more information, read Backend Services.
+ # For more information, see Backend Services.
#
# (== resource_for {$api_version}.backendService ==)
"affinityCookieTtlSec": 42, # If set to 0, the cookie is non-persistent and lasts only until the end of the browser session (or equivalent). The maximum allowed value is one day (86,400).
@@ -1992,7 +2017,7 @@
#
# - If the load balancing mode is UTILIZATION, the load is spread based on the backend utilization of instances in an instance group.
# You can use the UTILIZATION balancing mode if the loadBalancingScheme of the backend service is EXTERNAL, INTERNAL_SELF_MANAGED, or INTERNAL_MANAGED and the backends are instance groups. There are no restrictions on the backend service protocol.
- "capacityScaler": 3.14, # A multiplier applied to the group's maximum servicing capacity (based on UTILIZATION, RATE or CONNECTION). Default value is 1, which means the group will serve up to 100% of its configured capacity (depending on balancingMode). A setting of 0 means the group is completely drained, offering 0% of its available Capacity. Valid range is [0.0,1.0].
+ "capacityScaler": 3.14, # A multiplier applied to the group's maximum servicing capacity (based on UTILIZATION, RATE or CONNECTION). Default value is 1, which means the group will serve up to 100% of its configured capacity (depending on balancingMode). A setting of 0 means the group is completely drained, offering 0% of its available capacity. Valid range is 0.0 and [0.1,1.0]. You cannot configure a setting larger than 0 and smaller than 0.1. You cannot configure a setting of 0 when there is only one backend attached to the backend service.
#
# This cannot be used for internal load balancing.
"description": "A String", # An optional description of this resource. Provide this property when you create the resource.
@@ -2107,10 +2132,10 @@
"healthChecks": [ # The list of URLs to the healthChecks, httpHealthChecks (legacy), or httpsHealthChecks (legacy) resource for health checking this backend service. Not all backend services support legacy health checks. See Load balancer guide. Currently at most one health check can be specified. Backend services with instance group or zonal NEG backends must have a health check. Backend services with internet NEG backends must not have a health check. A health check must
"A String",
],
- "iap": { # Identity-Aware Proxy
- "enabled": True or False,
- "oauth2ClientId": "A String",
- "oauth2ClientSecret": "A String",
+ "iap": { # Identity-Aware Proxy # The configurations for Identity-Aware Proxy on this resource.
+ "enabled": True or False, # Whether the serving infrastructure will authenticate and authorize all incoming requests. If true, the oauth2ClientId and oauth2ClientSecret fields must be non-empty.
+ "oauth2ClientId": "A String", # OAuth2 client ID to use for the authentication flow.
+ "oauth2ClientSecret": "A String", # OAuth2 client secret to use for the authentication flow. For security reasons, this value cannot be retrieved via the API. Instead, the SHA-256 hash of the value is returned in the oauth2ClientSecretSha256 field.
"oauth2ClientSecretSha256": "A String", # [Output Only] SHA256 hash value for the field oauth2_client_secret above.
},
"id": "A String", # [Output Only] The unique identifier for the resource. This identifier is defined by the server.
@@ -2122,7 +2147,7 @@
# - RING_HASH: The ring/modulo hash load balancer implements consistent hashing to backends. The algorithm has the property that the addition/removal of a host from a set of N hosts only affects 1/N of the requests.
# - RANDOM: The load balancer selects a random healthy host.
# - ORIGINAL_DESTINATION: Backend host is selected based on the client connection metadata, i.e., connections are opened to the same address as the destination address of the incoming connection before the connection was redirected to the load balancer.
- # - MAGLEV: used as a drop in replacement for the ring hash load balancer. Maglev is not as stable as ring hash but has faster table lookup build times and host selection times. For more information about Maglev, refer to https://ai.google/research/pubs/pub44824
+ # - MAGLEV: used as a drop in replacement for the ring hash load balancer. Maglev is not as stable as ring hash but has faster table lookup build times and host selection times. For more information about Maglev, see https://ai.google/research/pubs/pub44824
#
# This field is applicable to either:
# - A regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2, and load_balancing_scheme set to INTERNAL_MANAGED.
@@ -2174,8 +2199,13 @@
"securitySettings": { # The authentication and authorization settings for a BackendService. # This field specifies the security policy that applies to this backend service. This field is applicable to either:
# - A regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2, and load_balancing_scheme set to INTERNAL_MANAGED.
# - A global backend service with the load_balancing_scheme set to INTERNAL_SELF_MANAGED.
- "authentication": "A String", # A URL referring to a networksecurity.Authentication resource that describes how clients should authenticate with this service's backends. If left blank, communications between services are not encrypted (i.e., the TLS policy is set to OPEN). When sending traffic to this service's backends, the OriginationTls setting of Authentication.TransportAuthentication is applied. Refer to the Authentication and Authentication.TransportAuthentication.OriginationTls resources for additional details. authentication only applies to a global BackendService with the loadBalancingScheme set to INTERNAL_SELF_MANAGED.
- "subjectAltNames": [ # Optional. A list of subject alternate names to verify the subject identity (SAN) in the certificate presented by the server, to authorize the SAN list as identities to run the service represented by this BackendService. If specified, the client will verify that the server certificate's subject alt name matches one of the specified values. Only applies to a global BackendService with the loadBalancingScheme set to INTERNAL_SELF_MANAGED.
+ "authentication": "A String", # [Deprecated] Use clientTlsPolicy instead.
+ "clientTlsPolicy": "A String", # Optional. A URL referring to a networksecurity.ClientTlsPolicy resource that describes how clients should authenticate with this service's backends.
+ # clientTlsPolicy only applies to a global BackendService with the loadBalancingScheme set to INTERNAL_SELF_MANAGED.
+ # If left blank, communications are not encrypted.
+ "subjectAltNames": [ # Optional. A list of Subject Alternative Names (SANs) that the client verifies during a mutual TLS handshake with an server/endpoint for this BackendService. When the server presents its X.509 certificate to the client, the client inspects the certificate's subjectAltName field. If the field contains one of the specified values, the communication continues. Otherwise, it fails. This additional check enables the client to verify that the server is authorized to run the requested service.
+ # Note that the contents of the server certificate's subjectAltName field are configured by the Public Key Infrastructure which provisions server identities.
+ # Only applies to a global BackendService with loadBalancingScheme set to INTERNAL_SELF_MANAGED. Only applies when BackendService has an attached clientTlsPolicy with clientCertificate (mTLS mode).
"A String",
],
},
@@ -2187,7 +2217,7 @@
# When the loadBalancingScheme is INTERNAL, possible values are NONE, CLIENT_IP, CLIENT_IP_PROTO, or CLIENT_IP_PORT_PROTO.
#
# When the loadBalancingScheme is INTERNAL_SELF_MANAGED, or INTERNAL_MANAGED, possible values are NONE, CLIENT_IP, GENERATED_COOKIE, HEADER_FIELD, or HTTP_COOKIE.
- "timeoutSec": 42, # The backend service timeout has a different meaning depending on the type of load balancer. For more information read, Backend service settings The default is 30 seconds.
+ "timeoutSec": 42, # The backend service timeout has a different meaning depending on the type of load balancer. For more information see, Backend service settings The default is 30 seconds.
}
requestId: string, An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.