public sealed class EndpointPolicy : IMessage<EndpointPolicy>, IEquatable<EndpointPolicy>, IDeepCloneable<EndpointPolicy>, IBufferMessage, IMessage
Reference documentation and code samples for the Network Services v1 API class EndpointPolicy.
EndpointPolicy is a resource that helps apply desired configuration
on the endpoints that match specific criteria.
For example, this resource can be used to apply "authentication config"
an all endpoints that serve on port 8080.
Optional. This field specifies the URL of AuthorizationPolicy resource that
applies authorization policies to the inbound traffic at the
matched endpoints. Refer to Authorization. If this field is not
specified, authorization is disabled(no authz checks) for this
endpoint.
Optional. A URL referring to a ClientTlsPolicy resource. ClientTlsPolicy
can be set to specify the authentication for traffic from the proxy to the
actual endpoints. More specifically, it is applied to the outgoing traffic
from the proxy to the endpoint. This is typically used for sidecar model
where the proxy identifies itself as endpoint to the control plane, with
the connection between sidecar and endpoint requiring authentication. If
this field is not set, authentication is disabled(open). Applicable only
when EndpointPolicyType is SIDECAR_PROXY.
Optional. A URL referring to ServerTlsPolicy resource. ServerTlsPolicy is
used to determine the authentication policy to be applied to terminate the
inbound traffic at the identified backends. If this field is not set,
authentication is disabled(open) for this endpoint.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-07 UTC."],[[["\u003cp\u003eThe \u003ccode\u003eEndpointPolicy\u003c/code\u003e class in the Network Services v1 API allows configuration to be applied to endpoints matching specific criteria, such as applying authentication settings to all endpoints serving on port 8080.\u003c/p\u003e\n"],["\u003cp\u003e\u003ccode\u003eEndpointPolicy\u003c/code\u003e supports authorization policies via the \u003ccode\u003eAuthorizationPolicy\u003c/code\u003e property, client-side TLS policies with \u003ccode\u003eClientTlsPolicy\u003c/code\u003e, and server-side TLS policies via the \u003ccode\u003eServerTlsPolicy\u003c/code\u003e property for different authentication requirements.\u003c/p\u003e\n"],["\u003cp\u003eThe class uses an \u003ccode\u003eEndpointMatcher\u003c/code\u003e to determine which endpoints the policies should apply to, and offers an optional \u003ccode\u003eTrafficPortSelector\u003c/code\u003e to specify ports.\u003c/p\u003e\n"],["\u003cp\u003e\u003ccode\u003eEndpointPolicy\u003c/code\u003e includes properties for resource management like \u003ccode\u003eCreateTime\u003c/code\u003e, \u003ccode\u003eUpdateTime\u003c/code\u003e, and \u003ccode\u003eDescription\u003c/code\u003e, and also uses the \u003ccode\u003eLabels\u003c/code\u003e property to allow set of tag labels to be associated to the resource.\u003c/p\u003e\n"],["\u003cp\u003eThe \u003ccode\u003eType\u003c/code\u003e property, which is required, determines the type of endpoint policy, primarily for configuration validation.\u003c/p\u003e\n"]]],[],null,["# Network Services v1 API - Class EndpointPolicy (1.3.0)\n\nVersion latestkeyboard_arrow_down\n\n- [1.3.0 (latest)](/dotnet/docs/reference/Google.Cloud.NetworkServices.V1/latest/Google.Cloud.NetworkServices.V1.EndpointPolicy)\n- [1.2.0](/dotnet/docs/reference/Google.Cloud.NetworkServices.V1/1.2.0/Google.Cloud.NetworkServices.V1.EndpointPolicy)\n- [1.1.0](/dotnet/docs/reference/Google.Cloud.NetworkServices.V1/1.1.0/Google.Cloud.NetworkServices.V1.EndpointPolicy)\n- [1.0.0](/dotnet/docs/reference/Google.Cloud.NetworkServices.V1/1.0.0/Google.Cloud.NetworkServices.V1.EndpointPolicy) \n\n public sealed class EndpointPolicy : IMessage\u003cEndpointPolicy\u003e, IEquatable\u003cEndpointPolicy\u003e, IDeepCloneable\u003cEndpointPolicy\u003e, IBufferMessage, IMessage\n\nReference documentation and code samples for the Network Services v1 API class EndpointPolicy.\n\nEndpointPolicy is a resource that helps apply desired configuration\non the endpoints that match specific criteria.\nFor example, this resource can be used to apply \"authentication config\"\nan all endpoints that serve on port 8080. \n\nInheritance\n-----------\n\n[object](https://learn.microsoft.com/dotnet/api/system.object) \\\u003e EndpointPolicy \n\nImplements\n----------\n\n[IMessage](https://cloud.google.com/dotnet/docs/reference/Google.Protobuf/latest/Google.Protobuf.IMessage-1.html)[EndpointPolicy](/dotnet/docs/reference/Google.Cloud.NetworkServices.V1/latest/Google.Cloud.NetworkServices.V1.EndpointPolicy), [IEquatable](https://learn.microsoft.com/dotnet/api/system.iequatable-1)[EndpointPolicy](/dotnet/docs/reference/Google.Cloud.NetworkServices.V1/latest/Google.Cloud.NetworkServices.V1.EndpointPolicy), [IDeepCloneable](https://cloud.google.com/dotnet/docs/reference/Google.Protobuf/latest/Google.Protobuf.IDeepCloneable-1.html)[EndpointPolicy](/dotnet/docs/reference/Google.Cloud.NetworkServices.V1/latest/Google.Cloud.NetworkServices.V1.EndpointPolicy), [IBufferMessage](https://cloud.google.com/dotnet/docs/reference/Google.Protobuf/latest/Google.Protobuf.IBufferMessage.html), [IMessage](https://cloud.google.com/dotnet/docs/reference/Google.Protobuf/latest/Google.Protobuf.IMessage.html) \n\nInherited Members\n-----------------\n\n[object.GetHashCode()](https://learn.microsoft.com/dotnet/api/system.object.gethashcode) \n[object.GetType()](https://learn.microsoft.com/dotnet/api/system.object.gettype) \n[object.ToString()](https://learn.microsoft.com/dotnet/api/system.object.tostring)\n\nNamespace\n---------\n\n[Google.Cloud.NetworkServices.V1](/dotnet/docs/reference/Google.Cloud.NetworkServices.V1/latest/Google.Cloud.NetworkServices.V1)\n\nAssembly\n--------\n\nGoogle.Cloud.NetworkServices.V1.dll\n\nConstructors\n------------\n\n### EndpointPolicy()\n\n public EndpointPolicy()\n\n### EndpointPolicy(EndpointPolicy)\n\n public EndpointPolicy(EndpointPolicy other)\n\nProperties\n----------\n\n### AuthorizationPolicy\n\n public string AuthorizationPolicy { get; set; }\n\nOptional. This field specifies the URL of AuthorizationPolicy resource that\napplies authorization policies to the inbound traffic at the\nmatched endpoints. Refer to Authorization. If this field is not\nspecified, authorization is disabled(no authz checks) for this\nendpoint.\n\n### AuthorizationPolicyAsAuthorizationPolicyName\n\n public AuthorizationPolicyName AuthorizationPolicyAsAuthorizationPolicyName { get; set; }\n\n[AuthorizationPolicyName](/dotnet/docs/reference/Google.Cloud.NetworkServices.V1/latest/Google.Cloud.NetworkServices.V1.AuthorizationPolicyName)-typed view over the [AuthorizationPolicy](/dotnet/docs/reference/Google.Cloud.NetworkServices.V1/latest/Google.Cloud.NetworkServices.V1.EndpointPolicy#Google_Cloud_NetworkServices_V1_EndpointPolicy_AuthorizationPolicy) resource name\nproperty.\n\n### ClientTlsPolicy\n\n public string ClientTlsPolicy { get; set; }\n\nOptional. A URL referring to a ClientTlsPolicy resource. ClientTlsPolicy\ncan be set to specify the authentication for traffic from the proxy to the\nactual endpoints. More specifically, it is applied to the outgoing traffic\nfrom the proxy to the endpoint. This is typically used for sidecar model\nwhere the proxy identifies itself as endpoint to the control plane, with\nthe connection between sidecar and endpoint requiring authentication. If\nthis field is not set, authentication is disabled(open). Applicable only\nwhen EndpointPolicyType is SIDECAR_PROXY.\n\n### ClientTlsPolicyAsClientTlsPolicyName\n\n public ClientTlsPolicyName ClientTlsPolicyAsClientTlsPolicyName { get; set; }\n\n[ClientTlsPolicyName](/dotnet/docs/reference/Google.Cloud.NetworkServices.V1/latest/Google.Cloud.NetworkServices.V1.ClientTlsPolicyName)-typed view over the [ClientTlsPolicy](/dotnet/docs/reference/Google.Cloud.NetworkServices.V1/latest/Google.Cloud.NetworkServices.V1.EndpointPolicy#Google_Cloud_NetworkServices_V1_EndpointPolicy_ClientTlsPolicy) resource name property.\n\n### CreateTime\n\n public Timestamp CreateTime { get; set; }\n\nOutput only. The timestamp when the resource was created.\n\n### Description\n\n public string Description { get; set; }\n\nOptional. A free-text description of the resource. Max length 1024\ncharacters.\n\n### EndpointMatcher\n\n public EndpointMatcher EndpointMatcher { get; set; }\n\nRequired. A matcher that selects endpoints to which the policies should be\napplied.\n\n### EndpointPolicyName\n\n public EndpointPolicyName EndpointPolicyName { get; set; }\n\n[EndpointPolicyName](/dotnet/docs/reference/Google.Cloud.NetworkServices.V1/latest/Google.Cloud.NetworkServices.V1.EndpointPolicyName)-typed view over the [Name](/dotnet/docs/reference/Google.Cloud.NetworkServices.V1/latest/Google.Cloud.NetworkServices.V1.EndpointPolicy#Google_Cloud_NetworkServices_V1_EndpointPolicy_Name) resource name property.\n\n### Labels\n\n public MapField\u003cstring, string\u003e Labels { get; }\n\nOptional. Set of label tags associated with the EndpointPolicy resource.\n\n### Name\n\n public string Name { get; set; }\n\nIdentifier. Name of the EndpointPolicy resource. It matches pattern\n`projects/{project}/locations/global/endpointPolicies/{endpoint_policy}`.\n\n### ServerTlsPolicy\n\n public string ServerTlsPolicy { get; set; }\n\nOptional. A URL referring to ServerTlsPolicy resource. ServerTlsPolicy is\nused to determine the authentication policy to be applied to terminate the\ninbound traffic at the identified backends. If this field is not set,\nauthentication is disabled(open) for this endpoint.\n\n### ServerTlsPolicyAsServerTlsPolicyName\n\n public ServerTlsPolicyName ServerTlsPolicyAsServerTlsPolicyName { get; set; }\n\n[ServerTlsPolicyName](/dotnet/docs/reference/Google.Cloud.NetworkServices.V1/latest/Google.Cloud.NetworkServices.V1.ServerTlsPolicyName)-typed view over the [ServerTlsPolicy](/dotnet/docs/reference/Google.Cloud.NetworkServices.V1/latest/Google.Cloud.NetworkServices.V1.EndpointPolicy#Google_Cloud_NetworkServices_V1_EndpointPolicy_ServerTlsPolicy) resource name property.\n\n### TrafficPortSelector\n\n public TrafficPortSelector TrafficPortSelector { get; set; }\n\nOptional. Port selector for the (matched) endpoints. If no port selector is\nprovided, the matched config is applied to all ports.\n\n### Type\n\n public EndpointPolicy.Types.EndpointPolicyType Type { get; set; }\n\nRequired. The type of endpoint policy. This is primarily used to validate\nthe configuration.\n\n### UpdateTime\n\n public Timestamp UpdateTime { get; set; }\n\nOutput only. The timestamp when the resource was updated."]]
