import * as pulumi from "@pulumi/pulumi"; /** * Represents a TargetHttpsProxy resource, which is used by one or more * global forwarding rule to route incoming HTTPS requests to a URL map. * * To get more information about TargetHttpsProxy, see: * * * [API documentation](https://cloud.google.com/compute/docs/reference/v1/targetHttpsProxies) * * How-to Guides * * [Official Documentation](https://cloud.google.com/compute/docs/load-balancing/http/target-proxies) * * ## Example Usage * * ### Target Https Proxy Basic * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * import * as std from "@pulumi/std"; * * const defaultSSLCertificate = new gcp.compute.SSLCertificate("default", { * name: "my-certificate", * privateKey: std.file({ * input: "path/to/private.key", * }).then(invoke => invoke.result), * certificate: std.file({ * input: "path/to/certificate.crt", * }).then(invoke => invoke.result), * }); * const defaultHttpHealthCheck = new gcp.compute.HttpHealthCheck("default", { * name: "http-health-check", * requestPath: "/", * checkIntervalSec: 1, * timeoutSec: 1, * }); * const defaultBackendService = new gcp.compute.BackendService("default", { * name: "backend-service", * portName: "http", * protocol: "HTTP", * timeoutSec: 10, * healthChecks: defaultHttpHealthCheck.id, * }); * const defaultURLMap = new gcp.compute.URLMap("default", { * name: "url-map", * description: "a description", * defaultService: defaultBackendService.id, * hostRules: [{ * hosts: ["mysite.com"], * pathMatcher: "allpaths", * }], * pathMatchers: [{ * name: "allpaths", * defaultService: defaultBackendService.id, * pathRules: [{ * paths: ["/*"], * service: defaultBackendService.id, * }], * }], * }); * const _default = new gcp.compute.TargetHttpsProxy("default", { * name: "test-proxy", * urlMap: defaultURLMap.id, * sslCertificates: [defaultSSLCertificate.id], * }); * ``` * ### Target Https Proxy Http Keep Alive Timeout * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * import * as std from "@pulumi/std"; * * const defaultSSLCertificate = new gcp.compute.SSLCertificate("default", { * name: "my-certificate", * privateKey: std.file({ * input: "path/to/private.key", * }).then(invoke => invoke.result), * certificate: std.file({ * input: "path/to/certificate.crt", * }).then(invoke => invoke.result), * }); * const defaultHttpHealthCheck = new gcp.compute.HttpHealthCheck("default", { * name: "http-health-check", * requestPath: "/", * checkIntervalSec: 1, * timeoutSec: 1, * }); * const defaultBackendService = new gcp.compute.BackendService("default", { * name: "backend-service", * portName: "http", * protocol: "HTTP", * timeoutSec: 10, * loadBalancingScheme: "EXTERNAL_MANAGED", * healthChecks: defaultHttpHealthCheck.id, * }); * const defaultURLMap = new gcp.compute.URLMap("default", { * name: "url-map", * description: "a description", * defaultService: defaultBackendService.id, * hostRules: [{ * hosts: ["mysite.com"], * pathMatcher: "allpaths", * }], * pathMatchers: [{ * name: "allpaths", * defaultService: defaultBackendService.id, * pathRules: [{ * paths: ["/*"], * service: defaultBackendService.id, * }], * }], * }); * const _default = new gcp.compute.TargetHttpsProxy("default", { * name: "test-http-keep-alive-timeout-proxy", * httpKeepAliveTimeoutSec: 610, * urlMap: defaultURLMap.id, * sslCertificates: [defaultSSLCertificate.id], * }); * ``` * ### Target Https Proxy Mtls * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * import * as std from "@pulumi/std"; * * const project = gcp.organizations.getProject({}); * const defaultTrustConfig = new gcp.certificatemanager.TrustConfig("default", { * name: "my-trust-config", * description: "sample description for the trust config", * location: "global", * trustStores: [{ * trustAnchors: [{ * pemCertificate: std.file({ * input: "test-fixtures/ca_cert.pem", * }).then(invoke => invoke.result), * }], * intermediateCas: [{ * pemCertificate: std.file({ * input: "test-fixtures/ca_cert.pem", * }).then(invoke => invoke.result), * }], * }], * labels: { * foo: "bar", * }, * }); * const defaultServerTlsPolicy = new gcp.networksecurity.ServerTlsPolicy("default", { * name: "my-tls-policy", * description: "my description", * location: "global", * allowOpen: false, * mtlsPolicy: { * clientValidationMode: "ALLOW_INVALID_OR_MISSING_CLIENT_CERT", * clientValidationTrustConfig: pulumi.all([project, defaultTrustConfig.name]).apply(([project, name]) => `projects/${project.number}/locations/global/trustConfigs/${name}`), * }, * }); * const defaultSSLCertificate = new gcp.compute.SSLCertificate("default", { * name: "my-certificate", * privateKey: std.file({ * input: "path/to/private.key", * }).then(invoke => invoke.result), * certificate: std.file({ * input: "path/to/certificate.crt", * }).then(invoke => invoke.result), * }); * const defaultHttpHealthCheck = new gcp.compute.HttpHealthCheck("default", { * name: "http-health-check", * requestPath: "/", * checkIntervalSec: 1, * timeoutSec: 1, * }); * const defaultBackendService = new gcp.compute.BackendService("default", { * name: "backend-service", * portName: "http", * protocol: "HTTP", * timeoutSec: 10, * healthChecks: defaultHttpHealthCheck.id, * }); * const defaultURLMap = new gcp.compute.URLMap("default", { * name: "url-map", * description: "a description", * defaultService: defaultBackendService.id, * hostRules: [{ * hosts: ["mysite.com"], * pathMatcher: "allpaths", * }], * pathMatchers: [{ * name: "allpaths", * defaultService: defaultBackendService.id, * pathRules: [{ * paths: ["/*"], * service: defaultBackendService.id, * }], * }], * }); * const _default = new gcp.compute.TargetHttpsProxy("default", { * name: "test-mtls-proxy", * urlMap: defaultURLMap.id, * sslCertificates: [defaultSSLCertificate.id], * serverTlsPolicy: defaultServerTlsPolicy.id, * }); * ``` * ### Target Https Proxy Certificate Manager Certificate * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * import * as std from "@pulumi/std"; * * const defaultCertificate = new gcp.certificatemanager.Certificate("default", { * name: "my-certificate", * scope: "ALL_REGIONS", * selfManaged: { * pemCertificate: std.file({ * input: "test-fixtures/cert.pem", * }).then(invoke => invoke.result), * pemPrivateKey: std.file({ * input: "test-fixtures/private-key.pem", * }).then(invoke => invoke.result), * }, * }); * const defaultBackendService = new gcp.compute.BackendService("default", { * name: "backend-service", * portName: "http", * protocol: "HTTP", * timeoutSec: 10, * loadBalancingScheme: "INTERNAL_MANAGED", * }); * const defaultURLMap = new gcp.compute.URLMap("default", { * name: "url-map", * description: "a description", * defaultService: defaultBackendService.id, * hostRules: [{ * hosts: ["mysite.com"], * pathMatcher: "allpaths", * }], * pathMatchers: [{ * name: "allpaths", * defaultService: defaultBackendService.id, * pathRules: [{ * paths: ["/*"], * service: defaultBackendService.id, * }], * }], * }); * const _default = new gcp.compute.TargetHttpsProxy("default", { * name: "target-http-proxy", * urlMap: defaultURLMap.id, * certificateManagerCertificates: [pulumi.interpolate`//certificatemanager.googleapis.com/${defaultCertificate.id}`], * }); * ``` * ### Target Https Proxy Fingerprint * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * import * as std from "@pulumi/std"; * * const defaultSSLCertificate = new gcp.compute.SSLCertificate("default", { * name: "my-certificate", * privateKey: std.file({ * input: "path/to/private.key", * }).then(invoke => invoke.result), * certificate: std.file({ * input: "path/to/certificate.crt", * }).then(invoke => invoke.result), * }); * const defaultHttpHealthCheck = new gcp.compute.HttpHealthCheck("default", { * name: "http-health-check", * requestPath: "/", * checkIntervalSec: 1, * timeoutSec: 1, * }); * const defaultBackendService = new gcp.compute.BackendService("default", { * name: "backend-service", * portName: "http", * protocol: "HTTP", * timeoutSec: 10, * healthChecks: defaultHttpHealthCheck.id, * }); * const defaultURLMap = new gcp.compute.URLMap("default", { * name: "url-map", * description: "a description", * defaultService: defaultBackendService.id, * hostRules: [{ * hosts: ["mysite.com"], * pathMatcher: "allpaths", * }], * pathMatchers: [{ * name: "allpaths", * defaultService: defaultBackendService.id, * pathRules: [{ * paths: ["/*"], * service: defaultBackendService.id, * }], * }], * }); * const _default = new gcp.compute.TargetHttpsProxy("default", { * name: "test-fingerprint-proxy", * urlMap: defaultURLMap.id, * sslCertificates: [defaultSSLCertificate.id], * }); * export const targetHttpsProxyFingerprint = _default.fingerprint; * ``` * * ## Import * * TargetHttpsProxy can be imported using any of these accepted formats: * * * `projects/{{project}}/global/targetHttpsProxies/{{name}}` * * * `{{project}}/{{name}}` * * * `{{name}}` * * When using the `pulumi import` command, TargetHttpsProxy can be imported using one of the formats above. For example: * * ```sh * $ pulumi import gcp:compute/targetHttpsProxy:TargetHttpsProxy default projects/{{project}}/global/targetHttpsProxies/{{name}} * ``` * * ```sh * $ pulumi import gcp:compute/targetHttpsProxy:TargetHttpsProxy default {{project}}/{{name}} * ``` * * ```sh * $ pulumi import gcp:compute/targetHttpsProxy:TargetHttpsProxy default {{name}} * ``` */ export declare class TargetHttpsProxy extends pulumi.CustomResource { /** * Get an existing TargetHttpsProxy resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input, state?: TargetHttpsProxyState, opts?: pulumi.CustomResourceOptions): TargetHttpsProxy; /** * Returns true if the given object is an instance of TargetHttpsProxy. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is TargetHttpsProxy; /** * URLs to certificate manager certificate resources that are used to authenticate connections between users and the load balancer. * Certificate manager certificates only apply when the load balancing scheme is set to INTERNAL_MANAGED. * For EXTERNAL and EXTERNAL_MANAGED, use certificateMap instead. * sslCertificates and certificateManagerCertificates fields can not be defined together. * Accepted format is `//certificatemanager.googleapis.com/projects/{project}/locations/{location}/certificates/{resourceName}` or just the selfLink `projects/{project}/locations/{location}/certificates/{resourceName}` */ readonly certificateManagerCertificates: pulumi.Output; /** * A reference to the CertificateMap resource uri that identifies a certificate map * associated with the given target proxy. This field is only supported for EXTERNAL and EXTERNAL_MANAGED load balancing schemes. * For INTERNAL_MANAGED, use certificateManagerCertificates instead. * Accepted format is `//certificatemanager.googleapis.com/projects/{project}/locations/{location}/certificateMaps/{resourceName}`. */ readonly certificateMap: pulumi.Output; /** * Creation timestamp in RFC3339 text format. */ readonly creationTimestamp: pulumi.Output; /** * An optional description of this resource. */ readonly description: pulumi.Output; /** * Fingerprint of this resource. A hash of the contents stored in this object. This field is used in optimistic locking. * This field will be ignored when inserting a TargetHttpsProxy. An up-to-date fingerprint must be provided in order to * patch the TargetHttpsProxy; otherwise, the request will fail with error 412 conditionNotMet. * To see the latest fingerprint, make a get() request to retrieve the TargetHttpsProxy. * A base64-encoded string. */ readonly fingerprint: pulumi.Output; /** * Specifies how long to keep a connection open, after completing a response, * while there is no matching traffic (in seconds). If an HTTP keepalive is * not specified, a default value will be used. For Global * external HTTP(S) load balancer, the default value is 610 seconds, the * minimum allowed value is 5 seconds and the maximum allowed value is 1200 * seconds. For cross-region internal HTTP(S) load balancer, the default * value is 600 seconds, the minimum allowed value is 5 seconds, and the * maximum allowed value is 600 seconds. For Global external HTTP(S) load * balancer (classic), this option is not available publicly. */ readonly httpKeepAliveTimeoutSec: pulumi.Output; /** * Name of the resource. Provided by the client when the resource is * created. The name must be 1-63 characters long, and comply with * RFC1035. Specifically, the name must be 1-63 characters long and match * the regular expression `a-z?` which means the * first character must be a lowercase letter, and all following * characters must be a dash, lowercase letter, or digit, except the last * character, which cannot be a dash. */ readonly name: pulumi.Output; /** * The ID of the project in which the resource belongs. * If it is not provided, the provider project is used. */ readonly project: pulumi.Output; /** * This field only applies when the forwarding rule that references * this target proxy has a loadBalancingScheme set to INTERNAL_SELF_MANAGED. */ readonly proxyBind: pulumi.Output; /** * The unique identifier for the resource. */ readonly proxyId: pulumi.Output; /** * Specifies the QUIC override policy for this resource. This determines * whether the load balancer will attempt to negotiate QUIC with clients * or not. Can specify one of NONE, ENABLE, or DISABLE. If NONE is * specified, Google manages whether QUIC is used. * Default value is `NONE`. * Possible values are: `NONE`, `ENABLE`, `DISABLE`. */ readonly quicOverride: pulumi.Output; /** * The URI of the created resource. */ readonly selfLink: pulumi.Output; /** * A URL referring to a networksecurity.ServerTlsPolicy * resource that describes how the proxy should authenticate inbound * traffic. serverTlsPolicy only applies to a global TargetHttpsProxy * attached to globalForwardingRules with the loadBalancingScheme * set to INTERNAL_SELF_MANAGED or EXTERNAL or EXTERNAL_MANAGED. * For details which ServerTlsPolicy resources are accepted with * INTERNAL_SELF_MANAGED and which with EXTERNAL, EXTERNAL_MANAGED * loadBalancingScheme consult ServerTlsPolicy documentation. * If left blank, communications are not encrypted. * If you remove this field from your configuration at the same time as * deleting or recreating a referenced ServerTlsPolicy resource, you will * receive a resourceInUseByAnotherResource error. Use lifecycle.create_before_destroy * within the ServerTlsPolicy resource to avoid this. */ readonly serverTlsPolicy: pulumi.Output; /** * URLs to SslCertificate resources that are used to authenticate connections between users and the load balancer. * Currently, you may specify up to 15 SSL certificates. sslCertificates do not apply when the load balancing scheme is set to INTERNAL_SELF_MANAGED. * sslCertificates and certificateManagerCertificates can not be defined together. */ readonly sslCertificates: pulumi.Output; /** * A reference to the SslPolicy resource that will be associated with * the TargetHttpsProxy resource. If not set, the TargetHttpsProxy * resource will not have any SSL policy configured. */ readonly sslPolicy: pulumi.Output; /** * Specifies whether TLS 1.3 0-RTT Data (“Early Data”) should be accepted for this service. * Early Data allows a TLS resumption handshake to include the initial application payload * (a HTTP request) alongside the handshake, reducing the effective round trips to “zero”. * This applies to TLS 1.3 connections over TCP (HTTP/2) as well as over UDP (QUIC/h3). * Possible values are: `STRICT`, `PERMISSIVE`, `UNRESTRICTED`, `DISABLED`. */ readonly tlsEarlyData: pulumi.Output; /** * A reference to the UrlMap resource that defines the mapping from URL * to the BackendService. */ readonly urlMap: pulumi.Output; /** * Create a TargetHttpsProxy resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name: string, args: TargetHttpsProxyArgs, opts?: pulumi.CustomResourceOptions); } /** * Input properties used for looking up and filtering TargetHttpsProxy resources. */ export interface TargetHttpsProxyState { /** * URLs to certificate manager certificate resources that are used to authenticate connections between users and the load balancer. * Certificate manager certificates only apply when the load balancing scheme is set to INTERNAL_MANAGED. * For EXTERNAL and EXTERNAL_MANAGED, use certificateMap instead. * sslCertificates and certificateManagerCertificates fields can not be defined together. * Accepted format is `//certificatemanager.googleapis.com/projects/{project}/locations/{location}/certificates/{resourceName}` or just the selfLink `projects/{project}/locations/{location}/certificates/{resourceName}` */ certificateManagerCertificates?: pulumi.Input[]>; /** * A reference to the CertificateMap resource uri that identifies a certificate map * associated with the given target proxy. This field is only supported for EXTERNAL and EXTERNAL_MANAGED load balancing schemes. * For INTERNAL_MANAGED, use certificateManagerCertificates instead. * Accepted format is `//certificatemanager.googleapis.com/projects/{project}/locations/{location}/certificateMaps/{resourceName}`. */ certificateMap?: pulumi.Input; /** * Creation timestamp in RFC3339 text format. */ creationTimestamp?: pulumi.Input; /** * An optional description of this resource. */ description?: pulumi.Input; /** * Fingerprint of this resource. A hash of the contents stored in this object. This field is used in optimistic locking. * This field will be ignored when inserting a TargetHttpsProxy. An up-to-date fingerprint must be provided in order to * patch the TargetHttpsProxy; otherwise, the request will fail with error 412 conditionNotMet. * To see the latest fingerprint, make a get() request to retrieve the TargetHttpsProxy. * A base64-encoded string. */ fingerprint?: pulumi.Input; /** * Specifies how long to keep a connection open, after completing a response, * while there is no matching traffic (in seconds). If an HTTP keepalive is * not specified, a default value will be used. For Global * external HTTP(S) load balancer, the default value is 610 seconds, the * minimum allowed value is 5 seconds and the maximum allowed value is 1200 * seconds. For cross-region internal HTTP(S) load balancer, the default * value is 600 seconds, the minimum allowed value is 5 seconds, and the * maximum allowed value is 600 seconds. For Global external HTTP(S) load * balancer (classic), this option is not available publicly. */ httpKeepAliveTimeoutSec?: pulumi.Input; /** * Name of the resource. Provided by the client when the resource is * created. The name must be 1-63 characters long, and comply with * RFC1035. Specifically, the name must be 1-63 characters long and match * the regular expression `a-z?` which means the * first character must be a lowercase letter, and all following * characters must be a dash, lowercase letter, or digit, except the last * character, which cannot be a dash. */ name?: pulumi.Input; /** * The ID of the project in which the resource belongs. * If it is not provided, the provider project is used. */ project?: pulumi.Input; /** * This field only applies when the forwarding rule that references * this target proxy has a loadBalancingScheme set to INTERNAL_SELF_MANAGED. */ proxyBind?: pulumi.Input; /** * The unique identifier for the resource. */ proxyId?: pulumi.Input; /** * Specifies the QUIC override policy for this resource. This determines * whether the load balancer will attempt to negotiate QUIC with clients * or not. Can specify one of NONE, ENABLE, or DISABLE. If NONE is * specified, Google manages whether QUIC is used. * Default value is `NONE`. * Possible values are: `NONE`, `ENABLE`, `DISABLE`. */ quicOverride?: pulumi.Input; /** * The URI of the created resource. */ selfLink?: pulumi.Input; /** * A URL referring to a networksecurity.ServerTlsPolicy * resource that describes how the proxy should authenticate inbound * traffic. serverTlsPolicy only applies to a global TargetHttpsProxy * attached to globalForwardingRules with the loadBalancingScheme * set to INTERNAL_SELF_MANAGED or EXTERNAL or EXTERNAL_MANAGED. * For details which ServerTlsPolicy resources are accepted with * INTERNAL_SELF_MANAGED and which with EXTERNAL, EXTERNAL_MANAGED * loadBalancingScheme consult ServerTlsPolicy documentation. * If left blank, communications are not encrypted. * If you remove this field from your configuration at the same time as * deleting or recreating a referenced ServerTlsPolicy resource, you will * receive a resourceInUseByAnotherResource error. Use lifecycle.create_before_destroy * within the ServerTlsPolicy resource to avoid this. */ serverTlsPolicy?: pulumi.Input; /** * URLs to SslCertificate resources that are used to authenticate connections between users and the load balancer. * Currently, you may specify up to 15 SSL certificates. sslCertificates do not apply when the load balancing scheme is set to INTERNAL_SELF_MANAGED. * sslCertificates and certificateManagerCertificates can not be defined together. */ sslCertificates?: pulumi.Input[]>; /** * A reference to the SslPolicy resource that will be associated with * the TargetHttpsProxy resource. If not set, the TargetHttpsProxy * resource will not have any SSL policy configured. */ sslPolicy?: pulumi.Input; /** * Specifies whether TLS 1.3 0-RTT Data (“Early Data”) should be accepted for this service. * Early Data allows a TLS resumption handshake to include the initial application payload * (a HTTP request) alongside the handshake, reducing the effective round trips to “zero”. * This applies to TLS 1.3 connections over TCP (HTTP/2) as well as over UDP (QUIC/h3). * Possible values are: `STRICT`, `PERMISSIVE`, `UNRESTRICTED`, `DISABLED`. */ tlsEarlyData?: pulumi.Input; /** * A reference to the UrlMap resource that defines the mapping from URL * to the BackendService. */ urlMap?: pulumi.Input; } /** * The set of arguments for constructing a TargetHttpsProxy resource. */ export interface TargetHttpsProxyArgs { /** * URLs to certificate manager certificate resources that are used to authenticate connections between users and the load balancer. * Certificate manager certificates only apply when the load balancing scheme is set to INTERNAL_MANAGED. * For EXTERNAL and EXTERNAL_MANAGED, use certificateMap instead. * sslCertificates and certificateManagerCertificates fields can not be defined together. * Accepted format is `//certificatemanager.googleapis.com/projects/{project}/locations/{location}/certificates/{resourceName}` or just the selfLink `projects/{project}/locations/{location}/certificates/{resourceName}` */ certificateManagerCertificates?: pulumi.Input[]>; /** * A reference to the CertificateMap resource uri that identifies a certificate map * associated with the given target proxy. This field is only supported for EXTERNAL and EXTERNAL_MANAGED load balancing schemes. * For INTERNAL_MANAGED, use certificateManagerCertificates instead. * Accepted format is `//certificatemanager.googleapis.com/projects/{project}/locations/{location}/certificateMaps/{resourceName}`. */ certificateMap?: pulumi.Input; /** * An optional description of this resource. */ description?: pulumi.Input; /** * Specifies how long to keep a connection open, after completing a response, * while there is no matching traffic (in seconds). If an HTTP keepalive is * not specified, a default value will be used. For Global * external HTTP(S) load balancer, the default value is 610 seconds, the * minimum allowed value is 5 seconds and the maximum allowed value is 1200 * seconds. For cross-region internal HTTP(S) load balancer, the default * value is 600 seconds, the minimum allowed value is 5 seconds, and the * maximum allowed value is 600 seconds. For Global external HTTP(S) load * balancer (classic), this option is not available publicly. */ httpKeepAliveTimeoutSec?: pulumi.Input; /** * Name of the resource. Provided by the client when the resource is * created. The name must be 1-63 characters long, and comply with * RFC1035. Specifically, the name must be 1-63 characters long and match * the regular expression `a-z?` which means the * first character must be a lowercase letter, and all following * characters must be a dash, lowercase letter, or digit, except the last * character, which cannot be a dash. */ name?: pulumi.Input; /** * The ID of the project in which the resource belongs. * If it is not provided, the provider project is used. */ project?: pulumi.Input; /** * This field only applies when the forwarding rule that references * this target proxy has a loadBalancingScheme set to INTERNAL_SELF_MANAGED. */ proxyBind?: pulumi.Input; /** * Specifies the QUIC override policy for this resource. This determines * whether the load balancer will attempt to negotiate QUIC with clients * or not. Can specify one of NONE, ENABLE, or DISABLE. If NONE is * specified, Google manages whether QUIC is used. * Default value is `NONE`. * Possible values are: `NONE`, `ENABLE`, `DISABLE`. */ quicOverride?: pulumi.Input; /** * A URL referring to a networksecurity.ServerTlsPolicy * resource that describes how the proxy should authenticate inbound * traffic. serverTlsPolicy only applies to a global TargetHttpsProxy * attached to globalForwardingRules with the loadBalancingScheme * set to INTERNAL_SELF_MANAGED or EXTERNAL or EXTERNAL_MANAGED. * For details which ServerTlsPolicy resources are accepted with * INTERNAL_SELF_MANAGED and which with EXTERNAL, EXTERNAL_MANAGED * loadBalancingScheme consult ServerTlsPolicy documentation. * If left blank, communications are not encrypted. * If you remove this field from your configuration at the same time as * deleting or recreating a referenced ServerTlsPolicy resource, you will * receive a resourceInUseByAnotherResource error. Use lifecycle.create_before_destroy * within the ServerTlsPolicy resource to avoid this. */ serverTlsPolicy?: pulumi.Input; /** * URLs to SslCertificate resources that are used to authenticate connections between users and the load balancer. * Currently, you may specify up to 15 SSL certificates. sslCertificates do not apply when the load balancing scheme is set to INTERNAL_SELF_MANAGED. * sslCertificates and certificateManagerCertificates can not be defined together. */ sslCertificates?: pulumi.Input[]>; /** * A reference to the SslPolicy resource that will be associated with * the TargetHttpsProxy resource. If not set, the TargetHttpsProxy * resource will not have any SSL policy configured. */ sslPolicy?: pulumi.Input; /** * Specifies whether TLS 1.3 0-RTT Data (“Early Data”) should be accepted for this service. * Early Data allows a TLS resumption handshake to include the initial application payload * (a HTTP request) alongside the handshake, reducing the effective round trips to “zero”. * This applies to TLS 1.3 connections over TCP (HTTP/2) as well as over UDP (QUIC/h3). * Possible values are: `STRICT`, `PERMISSIVE`, `UNRESTRICTED`, `DISABLED`. */ tlsEarlyData?: pulumi.Input; /** * A reference to the UrlMap resource that defines the mapping from URL * to the BackendService. */ urlMap: pulumi.Input; }