gcp_networksecurity_tls_inspection_policy
ancestors
Type: UNORDERED_LIST_STRING
ca_pool
Type: STRING
Provider name: caPool
Description: Required. A CA pool resource used to issue interception certificates. The CA pool string has a relative resource path following the form “projects/{project}/locations/{location}/caPools/{ca_pool}”.
create_time
Type: TIMESTAMP
Provider name: createTime
Description: Output only. The timestamp when the resource was created.
custom_tls_features
Type: UNORDERED_LIST_STRING
Provider name: customTlsFeatures
Description: Optional. List of custom TLS cipher suites selected. This field is valid only if the selected tls_feature_profile is CUSTOM. The compute.SslPoliciesService.ListAvailableFeatures method returns the set of features that can be specified in this list. Note that Secure Web Proxy does not yet honor this field.
description
Type: STRING
Provider name: description
Description: Optional. Free-text description of the resource.
exclude_public_ca_set
Type: BOOLEAN
Provider name: excludePublicCaSet
Description: Optional. If FALSE (the default), use our default set of public CAs in addition to any CAs specified in trust_config. These public CAs are currently based on the Mozilla Root Program and are subject to change over time. If TRUE, do not accept our default set of public CAs. Only CAs specified in trust_config will be accepted. This defaults to FALSE (use public CAs in addition to trust_config) for backwards compatibility, but trusting public root CAs is not recommended unless the traffic in question is outbound to public web servers. When possible, prefer setting this to “false” and explicitly specifying trusted CAs and certificates in a TrustConfig. Note that Secure Web Proxy does not yet honor this field.
labels
Type: UNORDERED_LIST_STRING
min_tls_version
Type: STRING
Provider name: minTlsVersion
Description: Optional. Minimum TLS version that the firewall should use when negotiating connections with both clients and servers. If this is not set, then the default value is to allow the broadest set of clients and servers (TLS 1.0 or higher). Setting this to more restrictive values may improve security, but may also prevent the firewall from connecting to some clients or servers. Note that Secure Web Proxy does not yet honor this field.
Possible values:
TLS_VERSION_UNSPECIFIED - Indicates no TLS version was specified.
TLS_1_0 - TLS 1.0
TLS_1_1 - TLS 1.1
TLS_1_2 - TLS 1.2
TLS_1_3 - TLS 1.3
name
Type: STRING
Provider name: name
Description: Required. Name of the resource. Name is of the form projects/{project}/locations/{location}/tlsInspectionPolicies/{tls_inspection_policy}. tls_inspection_policy should match the pattern: (^a-z?$).
organization_id
Type: STRING
parent
Type: STRING
project_id
Type: STRING
project_number
Type: STRING
resource_name
Type: STRING
Type: UNORDERED_LIST_STRING
tls_feature_profile
Type: STRING
Provider name: tlsFeatureProfile
Description: Optional. The selected Profile. If this is not set, then the default value is to allow the broadest set of clients and servers (“PROFILE_COMPATIBLE”). Setting this to more restrictive values may improve security, but may also prevent the TLS inspection proxy from connecting to some clients or servers. Note that Secure Web Proxy does not yet honor this field.
Possible values:
PROFILE_UNSPECIFIED - Indicates no profile was specified.
PROFILE_COMPATIBLE - Compatible profile. Allows the broadest set of clients, even those which support only out-of-date SSL features to negotiate with the TLS inspection proxy.
PROFILE_MODERN - Modern profile. Supports a wide set of SSL features, allowing modern clients to negotiate SSL with the TLS inspection proxy.
PROFILE_RESTRICTED - Restricted profile. Supports a reduced set of SSL features, intended to meet stricter compliance requirements.
PROFILE_CUSTOM - Custom profile. Allow only the set of allowed SSL features specified in the custom_features field of SslPolicy.
trust_config
Type: STRING
Provider name: trustConfig
Description: Optional. A TrustConfig resource used when making a connection to the TLS server. This is a relative resource path following the form “projects/{project}/locations/{location}/trustConfigs/{trust_config}”. This is necessary to intercept TLS connections to servers with certificates signed by a private CA or self-signed certificates. Note that Secure Web Proxy does not yet honor this field.
update_time
Type: TIMESTAMP
Provider name: updateTime
Description: Output only. The timestamp when the resource was updated.
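An added example (not part of the original reference, and not Datadog or Google code): a Python audit that flags the permissive defaults and inconsistent field combinations described in the field descriptions above. The finding codes, the `audit_policy` helper, the TLS 1.2 floor and the sample records are assumptions made for illustration; records are plain dicts keyed by the field names on this page.

```python
import re

# Assumption: TLS 1.2 is the lowest version this audit accepts. An unset
# value counts as weak because the documented default allows TLS 1.0.
WEAK_TLS = {None, "", "TLS_VERSION_UNSPECIFIED", "TLS_1_0", "TLS_1_1"}
# An unset profile defaults to PROFILE_COMPATIBLE (broadest client set).
BROAD_PROFILES = {None, "", "PROFILE_UNSPECIFIED", "PROFILE_COMPATIBLE"}
CA_POOL_RE = re.compile(r"^projects/[^/]+/locations/[^/]+/caPools/[^/]+$")


def audit_policy(p):
    """Return sorted finding codes (hypothetical names) for one policy record."""
    findings = set()
    if p.get("min_tls_version") in WEAK_TLS:
        findings.add("WEAK_MIN_TLS")
    profile = p.get("tls_feature_profile")
    if profile in BROAD_PROFILES:
        findings.add("BROAD_PROFILE")
    custom = p.get("custom_tls_features") or []
    # custom_tls_features is valid only with the custom profile.
    if profile == "PROFILE_CUSTOM" and not custom:
        findings.add("CUSTOM_PROFILE_NO_FEATURES")
    if custom and profile != "PROFILE_CUSTOM":
        findings.add("CUSTOM_FEATURES_IGNORED")
    if p.get("exclude_public_ca_set"):
        # Only trust_config CAs are accepted, so a missing one trusts nothing.
        if not p.get("trust_config"):
            findings.add("NO_TRUSTED_CAS")
    else:
        findings.add("PUBLIC_CAS_TRUSTED")
    if not CA_POOL_RE.match(p.get("ca_pool") or ""):
        findings.add("BAD_CA_POOL_PATH")
    return sorted(findings)


# Constructed sample records, not real inventory data.
POOL = "projects/example/locations/us-central1/caPools/example-pool"
SAMPLES = [
    {"ca_pool": POOL},  # every optional field left at its default
    {"ca_pool": POOL, "min_tls_version": "TLS_1_2",
     "tls_feature_profile": "PROFILE_RESTRICTED", "exclude_public_ca_set": True,
     "trust_config": "projects/example/locations/us-central1/trustConfigs/example"},
    {"ca_pool": "caPools/example-pool", "min_tls_version": "TLS_1_3",
     "tls_feature_profile": "PROFILE_MODERN", "exclude_public_ca_set": True,
     "custom_tls_features": ["TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"]},
]

if __name__ == "__main__":
    for record in SAMPLES:
        print(audit_policy(record))
```

`PUBLIC_CAS_TRUSTED` is informational: the description of exclude_public_ca_set treats public roots as acceptable for traffic outbound to public web servers.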