Closed kl52752 closed 5 months ago
/cc @mag-kol /cc @AwesomePatrol
/assign @bowei
This seems to be a huge number of optional values. Are we sure we can't just set the outer struct as optional, but leave the rest of the values required?
> can't just set the outer struct as optional, but leave the rest of the values required?
BackendService is a very complex structure. Looking at the SecuritySettings field, there are 3 fields, but each of them has restrictions on when it can be set, and these restrictions depend on LoadBalancingScheme.
```go
type SecuritySettings struct {
	// AwsV4Authentication: The configuration needed to generate a signature
	// for access to private storage buckets that support AWS's Signature
	// Version 4 for authentication. Allowed only for INTERNET_IP_PORT and
	// INTERNET_FQDN_PORT NEG backends.
	AwsV4Authentication *AWSV4Signature `json:"awsV4Authentication,omitempty"`
	// ClientTlsPolicy: Optional. A URL referring to a
	// networksecurity.ClientTlsPolicy resource that describes how clients
	// should authenticate with this service's backends. clientTlsPolicy
	// only applies to a global BackendService with the loadBalancingScheme
	// set to INTERNAL_SELF_MANAGED. If left blank, communications are not
	// encrypted.
	ClientTlsPolicy string `json:"clientTlsPolicy,omitempty"`
	// SubjectAltNames: Optional. A list of Subject Alternative Names (SANs)
	// that the client verifies during a mutual TLS handshake with an
	// server/endpoint for this BackendService. When the server presents its
	// X.509 certificate to the client, the client inspects the
	// certificate's subjectAltName field. If the field contains one of the
	// specified values, the communication continues. Otherwise, it fails.
	// This additional check enables the client to verify that the server is
	// authorized to run the requested service. Note that the contents of
	// the server certificate's subjectAltName field are configured by the
	// Public Key Infrastructure which provisions server identities. Only
	// applies to a global BackendService with loadBalancingScheme set to
	// INTERNAL_SELF_MANAGED. Only applies when BackendService has an
	// attached clientTlsPolicy with clientCertificate (mTLS mode).
	SubjectAltNames []string `json:"subjectAltNames,omitempty"`
}
```
And there are more models like this, where a field's value depends on another setting.
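The conditional constraints stated in the doc comments quoted above, written out as a validation check. This is an added example, not code from this PR or from the API client; the local stand-in types, `validateSecuritySettings`, and its `global` and `negTypes` parameters are assumptions.

```go
package main

import (
	"errors"
	"fmt"
)

// Local stand-ins for the quoted API types (assumption: reduced to what the check needs).
type AWSV4Signature struct{}

type SecuritySettings struct {
	AwsV4Authentication *AWSV4Signature
	ClientTlsPolicy     string
	SubjectAltNames     []string
}

// validateSecuritySettings is a hypothetical helper. scheme is the service's
// loadBalancingScheme, global says whether the BackendService is global, and
// negTypes lists the endpoint types of its NEG backends.
func validateSecuritySettings(s *SecuritySettings, scheme string, global bool, negTypes []string) error {
	if s == nil {
		return nil // the outer struct itself is optional
	}
	var errs []error
	mesh := global && scheme == "INTERNAL_SELF_MANAGED"
	if s.ClientTlsPolicy != "" && !mesh {
		errs = append(errs, errors.New("clientTlsPolicy needs a global INTERNAL_SELF_MANAGED BackendService"))
	}
	if len(s.SubjectAltNames) > 0 && !mesh {
		errs = append(errs, errors.New("subjectAltNames needs a global INTERNAL_SELF_MANAGED BackendService"))
	}
	if len(s.SubjectAltNames) > 0 && s.ClientTlsPolicy == "" {
		// Whether the policy carries a clientCertificate cannot be checked from here.
		errs = append(errs, errors.New("subjectAltNames needs an attached clientTlsPolicy"))
	}
	if s.AwsV4Authentication != nil {
		for _, t := range negTypes {
			if t != "INTERNET_IP_PORT" && t != "INTERNET_FQDN_PORT" {
				errs = append(errs, fmt.Errorf("awsV4Authentication not allowed with %s NEG backend", t))
			}
		}
	}
	return errors.Join(errs...) // nil when no rule was violated
}

func main() {
	s := &SecuritySettings{SubjectAltNames: []string{"svc.example.test"}} // constructed sample
	fmt.Println(validateSecuritySettings(s, "EXTERNAL_MANAGED", true, nil))
}
```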
We should file a TODO to track making this less verbose/onerous to deal with.
/lgtm /approve
[APPROVALNOTIFIER] This PR is APPROVED
This pull-request has been approved by: bowei, kl52752