Resource: BackendAuthenticationConfig
BackendAuthenticationConfig message groups the TrustConfig together with other settings that control how the load balancer authenticates, and expresses its identity to, the backend:
trustConfigis the attached TrustConfig.wellKnownRootsindicates whether the load balance should trust backend server certificates that are issued by public certificate authorities, in addition to certificates trusted by the TrustConfig.clientCertificateis a client certificate that the load balancer uses to express its identity to the backend, if the connection to the backend uses mTLS.
You can attach the BackendAuthenticationConfig to the load balancer’s BackendService directly determining how that BackendService negotiates TLS.
| JSON representation |
|---|
{
"name": string,
"description": string,
"createTime": string,
"updateTime": string,
"labels": {
string: string,
...
},
"clientCertificate": string,
"trustConfig": string,
"wellKnownRoots": enum ( |
| Fields | |
|---|---|
name |
Required. Name of the BackendAuthenticationConfig resource. It matches the pattern |
description |
Optional. Free-text description of the resource. |
createTime |
Output only. The timestamp when the resource was created. Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: |
updateTime |
Output only. The timestamp when the resource was updated. Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: |
labels |
Set of label tags associated with the resource. An object containing a list of |
clientCertificate |
Optional. A reference to a certificatemanager.googleapis.com.Certificate resource. This is a relative resource path following the form "projects/{project}/locations/{location}/certificates/{certificate}". Used by a BackendService to negotiate mTLS when the backend connection uses TLS and the backend requests a client certificate. Must have a CLIENT_AUTH scope. |
trustConfig |
Optional. A reference to a TrustConfig resource from the certificatemanager.googleapis.com namespace. This is a relative resource path following the form "projects/{project}/locations/{location}/trustConfigs/{trustConfig}". A BackendService uses the chain of trust represented by this TrustConfig, if specified, to validate the server certificates presented by the backend. Required unless wellKnownRoots is set to PUBLIC_ROOTS. |
wellKnownRoots |
Well known roots to use for server certificate validation. |
etag |
Output only. Etag of the resource. |
WellKnownRoots
Enum to specify the well known roots to use for server certificate validation.
| Enums | |
|---|---|
WELL_KNOWN_ROOTS_UNSPECIFIED |
Equivalent to NONE. |
NONE |
The BackendService will only validate server certificates against roots specified in TrustConfig. |
PUBLIC_ROOTS |
The BackendService uses a set of well-known public roots, in addition to any roots specified in the trustConfig field, when validating the server certificates presented by the backend. Validation with these roots is only considered when the TlsSettings.sni field in the BackendService is set. The well-known roots are a set of root CAs managed by Google. CAs in this set can be added or removed without notice. |
Methods |
|
|---|---|
|
Creates a new BackendAuthenticationConfig in a given project and location. |
|
Deletes a single BackendAuthenticationConfig to BackendAuthenticationConfig. |
|
Gets details of a single BackendAuthenticationConfig to BackendAuthenticationConfig. |
|
Lists BackendAuthenticationConfigs in a given project and location. |
|
Updates the parameters of a single BackendAuthenticationConfig to BackendAuthenticationConfig. |