# Copyright 2024 Google Inc. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. --- name: 'TargetServer' description: | TargetServer configuration. TargetServers are used to decouple a proxy TargetEndpoint HTTPTargetConnections from concrete URLs for backend services. references: guides: 'Load balancing across backend servers': 'https://cloud.google.com/apigee/docs/api-platform/deploy/load-balancing-across-backend-servers' api: 'https://cloud.google.com/apigee/docs/reference/apis/apigee/rest/v1/organizations.environments.targetservers/create' docs: base_url: '{{env_id}}/targetservers' self_link: '{{env_id}}/targetservers/{{name}}' create_url: '{{env_id}}/targetservers' update_url: '{{env_id}}/targetservers/{{name}}' delete_url: '{{env_id}}/targetservers/{{name}}' import_format: - '{{env_id}}/targetservers/{{name}}' - '{{env_id}}/{{name}}' timeouts: insert_minutes: 1 update_minutes: 1 delete_minutes: 1 autogen_async: true custom_code: custom_import: 'templates/terraform/custom_import/apigee_target_server.go.tmpl' exclude_sweeper: true examples: - name: 'apigee_target_server_test_basic' primary_resource_id: 'apigee_target_server' vars: project_id: 'my-project' environment_name: 'my-environment-name' target_server: 'my-target-server' test_env_vars: org_id: 'ORG_ID' billing_account: 'BILLING_ACCT' exclude_test: true - name: 'apigee_target_server_test' primary_resource_id: 'apigee_target_server' test_env_vars: org_id: 'ORG_ID' billing_account: 'BILLING_ACCT' exclude_docs: true external_providers: ["time"] parameters: - name: 'envId' type: String description: | The Apigee environment group associated with the Apigee environment, in the format `organizations/{{org_name}}/environments/{{env_name}}`. url_param_only: true required: true immutable: true properties: - name: 'name' type: String description: | The resource id of this reference. Values must match the regular expression [\w\s-.]+. required: true immutable: true - name: 'description' type: String description: | A human-readable description of this TargetServer. - name: 'host' type: String description: | The host name this target connects to. Value must be a valid hostname as described by RFC-1123. required: true - name: 'port' type: Integer description: | The port number this target connects to on the given host. Value must be between 1 and 65535, inclusive. required: true - name: 'isEnabled' type: Boolean description: | Enabling/disabling a TargetServer is useful when TargetServers are used in load balancing configurations, and one or more TargetServers need to taken out of rotation periodically. Defaults to true. default_value: true - name: 'sSLInfo' type: NestedObject description: Specifies TLS configuration info for this TargetServer. The JSON name is sSLInfo for legacy/backwards compatibility reasons -- Edge originally supported SSL, and the name is still used for TLS configuration. properties: - name: 'enabled' type: Boolean description: | Enables TLS. If false, neither one-way nor two-way TLS will be enabled. required: true - name: 'clientAuthEnabled' type: Boolean description: | Enables two-way TLS. - name: 'keyStore' type: String description: | Required if clientAuthEnabled is true. The resource ID of the keystore. - name: 'keyAlias' type: String description: | Required if clientAuthEnabled is true. The resource ID for the alias containing the private key and cert. - name: 'trustStore' type: String description: | The resource ID of the truststore. - name: 'ignoreValidationErrors' type: Boolean description: | If true, Edge ignores TLS certificate errors. Valid when configuring TLS for target servers and target endpoints, and when configuring virtual hosts that use 2-way TLS. When used with a target endpoint/target server, if the backend system uses SNI and returns a cert with a subject Distinguished Name (DN) that does not match the hostname, there is no way to ignore the error and the connection fails. - name: 'protocols' type: Array description: | The TLS versioins to be used. item_type: type: String - name: 'ciphers' type: Array description: | The SSL/TLS cipher suites to be used. For programmable proxies, it must be one of the cipher suite names listed in: http://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#ciphersuites. For configurable proxies, it must follow the configuration specified in: https://commondatastorage.googleapis.com/chromium-boringssl-docs/ssl.h.html#Cipher-suite-configuration. This setting has no effect for configurable proxies when negotiating TLS 1.3. item_type: type: String - name: 'commonName' type: NestedObject description: The TLS Common Name of the certificate. properties: - name: 'value' type: String description: | The TLS Common Name string of the certificate. - name: 'wildcardMatch' type: Boolean description: | Indicates whether the cert should be matched against as a wildcard cert. - name: 'enforce' type: Boolean description: | If true, TLS is strictly enforced. - name: 'protocol' type: Enum description: | Immutable. The protocol used by this TargetServer. immutable: true default_from_api: true enum_values: - 'HTTP' - 'HTTP2' - 'GRPC_TARGET' - 'GRPC' - 'EXTERNAL_CALLOUT'