Policy: GCP > Network > Target SSL Proxy > SSL Policy

Determine the action to take when an GCP Network target SSL proxy is not using an allowed SSL policy.

If a target SSL proxy is not using an allowed SSL policy and this policy is set to Enforce: Set to default if SSL policy not in allowed list, the target SSL proxy will be updated to use the SSL policy selected in the GCP > Network > Target SSL Proxy > SSL Policy > Default policy.

If the SSL policy in the GCP > Network > Target SSL Proxy > SSL Policy > Default policy is not allowed in the GCP > Network > Target SSL Proxy > SSL Policy > Allowed policy, Guardrails will not attempt to set the SSL policy to prevent continuous updates.

Resource Types

This policy targets the following resource types:

GCP > Network > Target SSL Proxy

Controls

GCP > Network > Target SSL Proxy > SSL Policy

Policy Specification

Schema Type	`string`
Default	`Skip`
Valid Values [YAML]	`Skip` `Check: SSL policy in allowed list` `Enforce: Set to default if SSL policy not in allowed list`
Examples [YAML]	`Check: SSL policy in allowed list`

In Your Workspace

Policy Settings by Type report

Developers

Category URI

tmod:@turbot/turbot#/control/categories/other

Policy Type URI

tmod:@turbot/gcp-network#/policy/types/targetSslProxySslPolicy

GraphQL

query policyType(id: "tmod:@turbot/gcp-network#/policy/types/targetSslProxySslPolicy") { … }

query policySettings(filter: "policyTypeId:'tmod:@turbot/gcp-network#/policy/types/targetSslProxySslPolicy'") { … }

query policyValues(filter: "policyTypeId:'tmod:@turbot/gcp-network#/policy/types/targetSslProxySslPolicy'") { … }

CLI

Get Policy Type

turbot graphql policy-type --id "tmod:@turbot/gcp-network#/policy/types/targetSslProxySslPolicy"

Get Policy Settings

turbot graphql policy-settings --filter "policyTypeId:tmod:@turbot/gcp-network#/policy/types/targetSslProxySslPolicy"