<?php
/*
 * Copyright 2014 Google Inc.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not
 * use this file except in compliance with the License. You may obtain a copy of
 * the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 * License for the specific language governing permissions and limitations under
 * the License.
 */

namespace Google\Service\Compute;

class TargetHttpsProxy extends \Google\Collection
{
  /**
   * The load balancer will not attempt to negotiate QUIC with clients.
   */
  public const QUIC_OVERRIDE_DISABLE = 'DISABLE';
  /**
   * The load balancer will attempt to negotiate QUIC with clients.
   */
  public const QUIC_OVERRIDE_ENABLE = 'ENABLE';
  /**
   * No overrides to the default QUIC policy. This option is implicit if no QUIC
   * override has been specified in the request.
   */
  public const QUIC_OVERRIDE_NONE = 'NONE';
  /**
   * TLS 1.3 Early Data is not advertised, and any (invalid) attempts to send
   * Early Data will be rejected by closing the connection.
   */
  public const TLS_EARLY_DATA_DISABLED = 'DISABLED';
  /**
   * This enables TLS 1.3 0-RTT, and only allows Early Data to be included on
   * requests with safe HTTP methods (GET, HEAD, OPTIONS, TRACE). This mode does
   * not enforce any other limitations for requests with Early Data. The
   * application owner should validate that Early Data is acceptable for a given
   * request path.
   */
  public const TLS_EARLY_DATA_PERMISSIVE = 'PERMISSIVE';
  /**
   * This enables TLS 1.3 0-RTT, and only allows Early Data to be included on
   * requests with safe HTTP methods (GET, HEAD, OPTIONS, TRACE) without query
   * parameters. Requests that send Early Data with non-idempotent HTTP methods
   * or with query parameters will be rejected with a HTTP 425.
   */
  public const TLS_EARLY_DATA_STRICT = 'STRICT';
  /**
   * This enables TLS 1.3 Early Data for requests with any HTTP method including
   * non-idempotent methods list POST. This mode does not enforce any other
   * limitations. This may be valuable for gRPC use cases. However, we do not
   * recommend this method unless you have evaluated your security stance and
   * mitigated the risk of replay attacks using other mechanisms.
   */
  public const TLS_EARLY_DATA_UNRESTRICTED = 'UNRESTRICTED';
  protected $collection_key = 'sslCertificates';
  /**
   * Optional. A URL referring to a networksecurity.AuthorizationPolicy resource
   * that describes how the proxy should authorize inbound traffic. If left
   * blank, access will not be restricted by an authorization policy.
   *
   *  Refer to the AuthorizationPolicy resource for additional details.
   *
   *  authorizationPolicy only applies to a globalTargetHttpsProxy attached
   * toglobalForwardingRules with theloadBalancingScheme set to
   * INTERNAL_SELF_MANAGED.
   *
   *  Note: This field currently has no impact.
   *
   * @var string
   */
  public $authorizationPolicy;
  /**
   * URL of a certificate map that identifies a certificate map associated with
   * the given target proxy. This field can only be set for Global external
   * Application Load Balancer or Classic Application Load Balancer. For other
   * products use Certificate Manager Certificates instead.
   *
   * If set, sslCertificates will be ignored.
   *
   *  Accepted format is//certificatemanager.googleapis.com/projects/{project}/l
   * ocations/{location}/certificateMaps/{resourceName}.
   *
   * @var string
   */
  public $certificateMap;
  /**
   * Output only. [Output Only] Creation timestamp inRFC3339 text format.
   *
   * @var string
   */
  public $creationTimestamp;
  /**
   * An optional description of this resource. Provide this property when you
   * create the resource.
   *
   * @var string
   */
  public $description;
  /**
   * Fingerprint of this resource. A hash of the contents stored in this object.
   * This field is used in optimistic locking. This field will be ignored when
   * inserting a TargetHttpsProxy. An up-to-date fingerprint must be provided in
   * order to patch the TargetHttpsProxy; otherwise, the request will fail with
   * error 412 conditionNotMet. To see the latest fingerprint, make a get()
   * request to retrieve the TargetHttpsProxy.
   *
   * @var string
   */
  public $fingerprint;
  /**
   * Specifies how long to keep a connection open, after completing a response,
   * while there is no matching traffic (in seconds). If an HTTP keep-alive is
   * not specified, a default value (610 seconds) will be used.
   *
   * For global external Application Load Balancers, the minimum allowed value
   * is 5 seconds and the maximum allowed value is 1200 seconds.
   *
   * For classic Application Load Balancers, this option is not supported.
   *
   * @var int
   */
  public $httpKeepAliveTimeoutSec;
  /**
   * [Output Only] The unique identifier for the resource. This identifier is
   * defined by the server.
   *
   * @var string
   */
  public $id;
  /**
   * Output only. [Output Only] Type of resource. Alwayscompute#targetHttpsProxy
   * for target HTTPS proxies.
   *
   * @var string
   */
  public $kind;
  /**
   * Name of the resource. Provided by the client when the resource is created.
   * The name must be 1-63 characters long, and comply withRFC1035.
   * Specifically, the name must be 1-63 characters long and match the regular
   * expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character
   * must be a lowercase letter, and all following characters must be a dash,
   * lowercase letter, or digit, except the last character, which cannot be a
   * dash.
   *
   * @var string
   */
  public $name;
  /**
   * This field only applies when the forwarding rule that references this
   * target proxy has a loadBalancingScheme set toINTERNAL_SELF_MANAGED.
   *
   * When this field is set to true, Envoy proxies set up inbound traffic
   * interception and bind to the IP address and port specified in the
   * forwarding rule. This is generally useful when using Traffic Director to
   * configure Envoy as a gateway or middle proxy (in other words, not a sidecar
   * proxy). The Envoy proxy listens for inbound requests and handles requests
   * when it receives them.
   *
   * The default is false.
   *
   * @var bool
   */
  public $proxyBind;
  /**
   * Specifies the QUIC override policy for this TargetHttpsProxy resource. This
   * setting determines whether the load balancer attempts to negotiate QUIC
   * with clients. You can specify NONE, ENABLE, orDISABLE.        - When quic-
   * override is set to NONE,    Google manages whether QUIC is used.    - When
   * quic-override is set to ENABLE, the    load balancer uses QUIC when
   * possible.    - When quic-override is set to DISABLE, the    load balancer
   * doesn't use QUIC.    - If the quic-override flag is not specified,NONE is
   * implied.
   *
   * @var string
   */
  public $quicOverride;
  /**
   * Output only. [Output Only] URL of the region where the regional
   * TargetHttpsProxy resides. This field is not applicable to global
   * TargetHttpsProxies.
   *
   * @var string
   */
  public $region;
  /**
   * [Output Only] Server-defined URL for the resource.
   *
   * @var string
   */
  public $selfLink;
  /**
   * Optional. A URL referring to a networksecurity.ServerTlsPolicy resource
   * that describes how the proxy should authenticate inbound traffic.
   *
   *  serverTlsPolicy only applies to a globalTargetHttpsProxy attached
   * toglobalForwardingRules with theloadBalancingScheme set to
   * INTERNAL_SELF_MANAGED or EXTERNAL orEXTERNAL_MANAGED or INTERNAL_MANAGED.
   * It also applies to a regional TargetHttpsProxy attached to regional
   * forwardingRules with theloadBalancingScheme set to EXTERNAL_MANAGED
   * orINTERNAL_MANAGED. For details whichServerTlsPolicy resources are accepted
   * withINTERNAL_SELF_MANAGED and which with EXTERNAL,INTERNAL_MANAGED,
   * EXTERNAL_MANAGEDloadBalancingScheme consult ServerTlsPolicy documentation.
   *
   *   If left blank, communications are not encrypted.
   *
   * @var string
   */
  public $serverTlsPolicy;
  /**
   * URLs to SslCertificate resources that are used to authenticate connections
   * between users and the load balancer. At least one SSL certificate must be
   * specified. SslCertificates do not apply when the load balancing scheme is
   * set to INTERNAL_SELF_MANAGED.
   *
   * The URLs should refer to a SSL Certificate resource or Certificate Manager
   * Certificate resource. Mixing Classic Certificates and Certificate Manager
   * Certificates is not allowed. Certificate Manager Certificates must include
   * the certificatemanager API namespace. Using Certificate Manager
   * Certificates in this field is not supported by Global external Application
   * Load Balancer or Classic Application Load Balancer, use certificate_map
   * instead.
   *
   * Currently, you may specify up to 15 Classic SSL Certificates or up to 100
   * Certificate Manager Certificates.
   *
   * Certificate Manager Certificates accepted formats are:        - //certifica
   * temanager.googleapis.com/projects/{project}/locations/{location}/certificat
   * es/{resourceName}.    - https://certificatemanager.googleapis.com/v1alpha1/
   * projects/{project}/locations/{location}/certificates/{resourceName}.
   *
   * @var string[]
   */
  public $sslCertificates;
  /**
   * URL of SslPolicy resource that will be associated with the TargetHttpsProxy
   * resource. If not set, the TargetHttpsProxy resource has no SSL policy
   * configured.
   *
   * @var string
   */
  public $sslPolicy;
  /**
   * Specifies whether TLS 1.3 0-RTT Data ("Early Data") should be accepted for
   * this service. Early Data allows a TLS resumption handshake to include the
   * initial application payload (a HTTP request) alongside the handshake,
   * reducing the effective round trips to "zero". This applies to TLS 1.3
   * connections over TCP (HTTP/2) as well as over UDP (QUIC/h3).
   *
   * This can improve application performance, especially on networks where
   * interruptions may be common, such as on mobile.
   *
   * Requests with Early Data will have the "Early-Data" HTTP header set on the
   * request, with a value of "1", to allow the backend to determine whether
   * Early Data was included.
   *
   * Note: TLS Early Data may allow requests to be replayed, as the data is sent
   * to the backend before the handshake has fully completed. Applications that
   * allow idempotent HTTP methods to make non-idempotent changes, such as a GET
   * request updating a database, should not accept Early Data on those
   * requests, and reject requests with the "Early-Data: 1" HTTP header by
   * returning a HTTP 425 (Too Early) status code, in order to remain RFC
   * compliant.
   *
   * The default value is DISABLED.
   *
   * @var string
   */
  public $tlsEarlyData;
  /**
   * A fully-qualified or valid partial URL to the UrlMap resource that defines
   * the mapping from URL to the BackendService. For example, the following are
   * all valid URLs for specifying a URL map:        -
   * https://www.googleapis.compute/v1/projects/project/global/urlMaps/url-map
   * - projects/project/global/urlMaps/url-map     - global/urlMaps/url-map
   *
   * @var string
   */
  public $urlMap;

  /**
   * Optional. A URL referring to a networksecurity.AuthorizationPolicy resource
   * that describes how the proxy should authorize inbound traffic. If left
   * blank, access will not be restricted by an authorization policy.
   *
   *  Refer to the AuthorizationPolicy resource for additional details.
   *
   *  authorizationPolicy only applies to a globalTargetHttpsProxy attached
   * toglobalForwardingRules with theloadBalancingScheme set to
   * INTERNAL_SELF_MANAGED.
   *
   *  Note: This field currently has no impact.
   *
   * @param string $authorizationPolicy
   */
  public function setAuthorizationPolicy($authorizationPolicy)
  {
    $this->authorizationPolicy = $authorizationPolicy;
  }
  /**
   * @return string
   */
  public function getAuthorizationPolicy()
  {
    return $this->authorizationPolicy;
  }
  /**
   * URL of a certificate map that identifies a certificate map associated with
   * the given target proxy. This field can only be set for Global external
   * Application Load Balancer or Classic Application Load Balancer. For other
   * products use Certificate Manager Certificates instead.
   *
   * If set, sslCertificates will be ignored.
   *
   *  Accepted format is//certificatemanager.googleapis.com/projects/{project}/l
   * ocations/{location}/certificateMaps/{resourceName}.
   *
   * @param string $certificateMap
   */
  public function setCertificateMap($certificateMap)
  {
    $this->certificateMap = $certificateMap;
  }
  /**
   * @return string
   */
  public function getCertificateMap()
  {
    return $this->certificateMap;
  }
  /**
   * Output only. [Output Only] Creation timestamp inRFC3339 text format.
   *
   * @param string $creationTimestamp
   */
  public function setCreationTimestamp($creationTimestamp)
  {
    $this->creationTimestamp = $creationTimestamp;
  }
  /**
   * @return string
   */
  public function getCreationTimestamp()
  {
    return $this->creationTimestamp;
  }
  /**
   * An optional description of this resource. Provide this property when you
   * create the resource.
   *
   * @param string $description
   */
  public function setDescription($description)
  {
    $this->description = $description;
  }
  /**
   * @return string
   */
  public function getDescription()
  {
    return $this->description;
  }
  /**
   * Fingerprint of this resource. A hash of the contents stored in this object.
   * This field is used in optimistic locking. This field will be ignored when
   * inserting a TargetHttpsProxy. An up-to-date fingerprint must be provided in
   * order to patch the TargetHttpsProxy; otherwise, the request will fail with
   * error 412 conditionNotMet. To see the latest fingerprint, make a get()
   * request to retrieve the TargetHttpsProxy.
   *
   * @param string $fingerprint
   */
  public function setFingerprint($fingerprint)
  {
    $this->fingerprint = $fingerprint;
  }
  /**
   * @return string
   */
  public function getFingerprint()
  {
    return $this->fingerprint;
  }
  /**
   * Specifies how long to keep a connection open, after completing a response,
   * while there is no matching traffic (in seconds). If an HTTP keep-alive is
   * not specified, a default value (610 seconds) will be used.
   *
   * For global external Application Load Balancers, the minimum allowed value
   * is 5 seconds and the maximum allowed value is 1200 seconds.
   *
   * For classic Application Load Balancers, this option is not supported.
   *
   * @param int $httpKeepAliveTimeoutSec
   */
  public function setHttpKeepAliveTimeoutSec($httpKeepAliveTimeoutSec)
  {
    $this->httpKeepAliveTimeoutSec = $httpKeepAliveTimeoutSec;
  }
  /**
   * @return int
   */
  public function getHttpKeepAliveTimeoutSec()
  {
    return $this->httpKeepAliveTimeoutSec;
  }
  /**
   * [Output Only] The unique identifier for the resource. This identifier is
   * defined by the server.
   *
   * @param string $id
   */
  public function setId($id)
  {
    $this->id = $id;
  }
  /**
   * @return string
   */
  public function getId()
  {
    return $this->id;
  }
  /**
   * Output only. [Output Only] Type of resource. Alwayscompute#targetHttpsProxy
   * for target HTTPS proxies.
   *
   * @param string $kind
   */
  public function setKind($kind)
  {
    $this->kind = $kind;
  }
  /**
   * @return string
   */
  public function getKind()
  {
    return $this->kind;
  }
  /**
   * Name of the resource. Provided by the client when the resource is created.
   * The name must be 1-63 characters long, and comply withRFC1035.
   * Specifically, the name must be 1-63 characters long and match the regular
   * expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character
   * must be a lowercase letter, and all following characters must be a dash,
   * lowercase letter, or digit, except the last character, which cannot be a
   * dash.
   *
   * @param string $name
   */
  public function setName($name)
  {
    $this->name = $name;
  }
  /**
   * @return string
   */
  public function getName()
  {
    return $this->name;
  }
  /**
   * This field only applies when the forwarding rule that references this
   * target proxy has a loadBalancingScheme set toINTERNAL_SELF_MANAGED.
   *
   * When this field is set to true, Envoy proxies set up inbound traffic
   * interception and bind to the IP address and port specified in the
   * forwarding rule. This is generally useful when using Traffic Director to
   * configure Envoy as a gateway or middle proxy (in other words, not a sidecar
   * proxy). The Envoy proxy listens for inbound requests and handles requests
   * when it receives them.
   *
   * The default is false.
   *
   * @param bool $proxyBind
   */
  public function setProxyBind($proxyBind)
  {
    $this->proxyBind = $proxyBind;
  }
  /**
   * @return bool
   */
  public function getProxyBind()
  {
    return $this->proxyBind;
  }
  /**
   * Specifies the QUIC override policy for this TargetHttpsProxy resource. This
   * setting determines whether the load balancer attempts to negotiate QUIC
   * with clients. You can specify NONE, ENABLE, orDISABLE.        - When quic-
   * override is set to NONE,    Google manages whether QUIC is used.    - When
   * quic-override is set to ENABLE, the    load balancer uses QUIC when
   * possible.    - When quic-override is set to DISABLE, the    load balancer
   * doesn't use QUIC.    - If the quic-override flag is not specified,NONE is
   * implied.
   *
   * Accepted values: DISABLE, ENABLE, NONE
   *
   * @param self::QUIC_OVERRIDE_* $quicOverride
   */
  public function setQuicOverride($quicOverride)
  {
    $this->quicOverride = $quicOverride;
  }
  /**
   * @return self::QUIC_OVERRIDE_*
   */
  public function getQuicOverride()
  {
    return $this->quicOverride;
  }
  /**
   * Output only. [Output Only] URL of the region where the regional
   * TargetHttpsProxy resides. This field is not applicable to global
   * TargetHttpsProxies.
   *
   * @param string $region
   */
  public function setRegion($region)
  {
    $this->region = $region;
  }
  /**
   * @return string
   */
  public function getRegion()
  {
    return $this->region;
  }
  /**
   * [Output Only] Server-defined URL for the resource.
   *
   * @param string $selfLink
   */
  public function setSelfLink($selfLink)
  {
    $this->selfLink = $selfLink;
  }
  /**
   * @return string
   */
  public function getSelfLink()
  {
    return $this->selfLink;
  }
  /**
   * Optional. A URL referring to a networksecurity.ServerTlsPolicy resource
   * that describes how the proxy should authenticate inbound traffic.
   *
   *  serverTlsPolicy only applies to a globalTargetHttpsProxy attached
   * toglobalForwardingRules with theloadBalancingScheme set to
   * INTERNAL_SELF_MANAGED or EXTERNAL orEXTERNAL_MANAGED or INTERNAL_MANAGED.
   * It also applies to a regional TargetHttpsProxy attached to regional
   * forwardingRules with theloadBalancingScheme set to EXTERNAL_MANAGED
   * orINTERNAL_MANAGED. For details whichServerTlsPolicy resources are accepted
   * withINTERNAL_SELF_MANAGED and which with EXTERNAL,INTERNAL_MANAGED,
   * EXTERNAL_MANAGEDloadBalancingScheme consult ServerTlsPolicy documentation.
   *
   *   If left blank, communications are not encrypted.
   *
   * @param string $serverTlsPolicy
   */
  public function setServerTlsPolicy($serverTlsPolicy)
  {
    $this->serverTlsPolicy = $serverTlsPolicy;
  }
  /**
   * @return string
   */
  public function getServerTlsPolicy()
  {
    return $this->serverTlsPolicy;
  }
  /**
   * URLs to SslCertificate resources that are used to authenticate connections
   * between users and the load balancer. At least one SSL certificate must be
   * specified. SslCertificates do not apply when the load balancing scheme is
   * set to INTERNAL_SELF_MANAGED.
   *
   * The URLs should refer to a SSL Certificate resource or Certificate Manager
   * Certificate resource. Mixing Classic Certificates and Certificate Manager
   * Certificates is not allowed. Certificate Manager Certificates must include
   * the certificatemanager API namespace. Using Certificate Manager
   * Certificates in this field is not supported by Global external Application
   * Load Balancer or Classic Application Load Balancer, use certificate_map
   * instead.
   *
   * Currently, you may specify up to 15 Classic SSL Certificates or up to 100
   * Certificate Manager Certificates.
   *
   * Certificate Manager Certificates accepted formats are:        - //certifica
   * temanager.googleapis.com/projects/{project}/locations/{location}/certificat
   * es/{resourceName}.    - https://certificatemanager.googleapis.com/v1alpha1/
   * projects/{project}/locations/{location}/certificates/{resourceName}.
   *
   * @param string[] $sslCertificates
   */
  public function setSslCertificates($sslCertificates)
  {
    $this->sslCertificates = $sslCertificates;
  }
  /**
   * @return string[]
   */
  public function getSslCertificates()
  {
    return $this->sslCertificates;
  }
  /**
   * URL of SslPolicy resource that will be associated with the TargetHttpsProxy
   * resource. If not set, the TargetHttpsProxy resource has no SSL policy
   * configured.
   *
   * @param string $sslPolicy
   */
  public function setSslPolicy($sslPolicy)
  {
    $this->sslPolicy = $sslPolicy;
  }
  /**
   * @return string
   */
  public function getSslPolicy()
  {
    return $this->sslPolicy;
  }
  /**
   * Specifies whether TLS 1.3 0-RTT Data ("Early Data") should be accepted for
   * this service. Early Data allows a TLS resumption handshake to include the
   * initial application payload (a HTTP request) alongside the handshake,
   * reducing the effective round trips to "zero". This applies to TLS 1.3
   * connections over TCP (HTTP/2) as well as over UDP (QUIC/h3).
   *
   * This can improve application performance, especially on networks where
   * interruptions may be common, such as on mobile.
   *
   * Requests with Early Data will have the "Early-Data" HTTP header set on the
   * request, with a value of "1", to allow the backend to determine whether
   * Early Data was included.
   *
   * Note: TLS Early Data may allow requests to be replayed, as the data is sent
   * to the backend before the handshake has fully completed. Applications that
   * allow idempotent HTTP methods to make non-idempotent changes, such as a GET
   * request updating a database, should not accept Early Data on those
   * requests, and reject requests with the "Early-Data: 1" HTTP header by
   * returning a HTTP 425 (Too Early) status code, in order to remain RFC
   * compliant.
   *
   * The default value is DISABLED.
   *
   * Accepted values: DISABLED, PERMISSIVE, STRICT, UNRESTRICTED
   *
   * @param self::TLS_EARLY_DATA_* $tlsEarlyData
   */
  public function setTlsEarlyData($tlsEarlyData)
  {
    $this->tlsEarlyData = $tlsEarlyData;
  }
  /**
   * @return self::TLS_EARLY_DATA_*
   */
  public function getTlsEarlyData()
  {
    return $this->tlsEarlyData;
  }
  /**
   * A fully-qualified or valid partial URL to the UrlMap resource that defines
   * the mapping from URL to the BackendService. For example, the following are
   * all valid URLs for specifying a URL map:        -
   * https://www.googleapis.compute/v1/projects/project/global/urlMaps/url-map
   * - projects/project/global/urlMaps/url-map     - global/urlMaps/url-map
   *
   * @param string $urlMap
   */
  public function setUrlMap($urlMap)
  {
    $this->urlMap = $urlMap;
  }
  /**
   * @return string
   */
  public function getUrlMap()
  {
    return $this->urlMap;
  }
}

// Adding a class alias for backwards compatibility with the previous class name.
class_alias(TargetHttpsProxy::class, 'Google_Service_Compute_TargetHttpsProxy');